Not Authorized
You are currently not authorized to access this section.
Please contact your Administrator to change your authorization settings.
Please contact your Administrator to change your authorization settings.
IT Security Controls Manager
Atlanta, GA
Job Description
WHAT YOU'LL DO
As the IT Security Controls Manager your will act as a "cyber control officer" of the Company under the supervision of the Director of Strategy, Governance and Compliance. You will plan, lead and develop documentation of the information security control requirements of ISO127000 series/NIST 800-53. You will examine existing system and business processes and identify opportunities to increase controls efficiencies while maintaining internal control effectiveness. This will include conducting reviews, recommending solutions and monitoring the implementation of changes required by annual process flowcharts/walk-throughs and general information security control testing. Additionally, the control manager will coordinate and deliver training for control owners on their responsibilities and control tester expectations.
YOU'RE GOOD AT
YOU BRING (EXPERIENCE & QUALIFICATIONS)
YOU'LL WORK WITH
This team member will work across the Information Security Organization to draw connectivity and controls management between application security, vulnerability management, enterprise architecture, and strategy, governance and compliance. This team member will additionally be critical in building relationships between the global risk function, IT, and information security. BCG's continued growth and acquisitions will also require continued insight and support from the controls manager to homogenize processes and bring a consistent information security framework to BCG.
ADDITIONAL INFORMATION
Candidates should be aware that BCG currently maintains a policy requiring all US & Canada based employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. BCG is an equal opportunity employer and will provide a reasonable accommodation to those unable to be vaccinated for medical or religious reasons where it is not an undue hardship to the company to do so as provided under applicable federal, state, provincial and local law.
The Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
As the IT Security Controls Manager your will act as a "cyber control officer" of the Company under the supervision of the Director of Strategy, Governance and Compliance. You will plan, lead and develop documentation of the information security control requirements of ISO127000 series/NIST 800-53. You will examine existing system and business processes and identify opportunities to increase controls efficiencies while maintaining internal control effectiveness. This will include conducting reviews, recommending solutions and monitoring the implementation of changes required by annual process flowcharts/walk-throughs and general information security control testing. Additionally, the control manager will coordinate and deliver training for control owners on their responsibilities and control tester expectations.
YOU'RE GOOD AT
- Collaborating with technology groups or vendors at all levels to design, standardize, implement information systems controls which mitigate or prevent material loss influenced by ISO127000 series standards, NIST 800-53 or similar control framework domain.
- Supervising Vendor/Contingent Labor Supervision involved in control process
- Partnering with Security Architecture and Secure Supplier teams to manage Controls Coordination
- Drive Process Improvement through streamlining processes, leading process change and directing implementation of automated internal controls.
- Maintaining Controls Environment Documentation including control matrices, narratives, and process flows
- Risk Mitigation and Controls Remediation Programming through identification of security related risks, maintenance and monitoring and facilitation of remediation activities
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 8+ Years as an information systems auditor of 8+ years working through an IT controls function
- Professional Services company exposure through audit or direct employment, a plus.
- Working in a non-regulated sector and designing minimum viable controls for cybersecurity
- Experience designing and developing information systems controls beyond financial management or SOX standards
- Previous information security / cybersecurity controls experience specifically with Oracle (8 years including 3 years information security testing) required.
- Baccalaureate degree in management information systems or computer science or similar (master's degree a plus).
- Experience designing or auditing controls for an enterprise architecture
- Previous segregation of duties design and auditing experience
- Access Recertification testing and design, and auditing experience
- Identity and access management improvement experience
- Cloud control design experience with AWS/Google Cloud/Azure, a plus
- Proven ability to influence at all levels of the organization without formal authority and work closely with Technology groups and executive management.
- Maintenance of technical competence in current auditing practices, compliance policies and government regulations.
- Appetite for leadership and strong project management skills; adept at troubleshooting and persistent at achieving results.
- Exceptional written & oral communication skills required including responding and articulating processes and issues related to cybersecurity controls
- Proficient in Microsoft Office suite of applications
YOU'LL WORK WITH
This team member will work across the Information Security Organization to draw connectivity and controls management between application security, vulnerability management, enterprise architecture, and strategy, governance and compliance. This team member will additionally be critical in building relationships between the global risk function, IT, and information security. BCG's continued growth and acquisitions will also require continued insight and support from the controls manager to homogenize processes and bring a consistent information security framework to BCG.
ADDITIONAL INFORMATION
Candidates should be aware that BCG currently maintains a policy requiring all US & Canada based employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. BCG is an equal opportunity employer and will provide a reasonable accommodation to those unable to be vaccinated for medical or religious reasons where it is not an undue hardship to the company to do so as provided under applicable federal, state, provincial and local law.
The Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
3 to 8 years
Email this Job to Yourself or a Friend