Job Description
WHAT YOU'LL DO
The Cyber Security Threat Emulation & Attack-Surface Modeling (C-STEAM) Senior Director is responsible for driving thought leadership across IT product teams, DevSecOps practitioners, and technology product owners, providing actionable reporting on the security health of BCG's technology assets and driving adversary simulation campaigns that enhance BCG's readiness for a cyber security attack. This role reports to the Chief Information Security Officer and interfaces closely with, and influences, first-line-of-defense technical product owners, portfolio leaders, security engineers, and software developers. This leader shines when the pressure is high, acting as a trusted advisor to the Chief Information Security Officer, Chief Architect, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer. The C-STEAM Senior Director will drive the scalable measurement and reporting of cybersecurity hygiene health across BCG's global attack surface, including vulnerability management, red & purple teaming, application security, and configuration management. They will attract, grow, inspire, and retain a diverse, high-performing team of cybersecurity engineers and engineering leaders.

YOU'RE GOOD AT
Leading teams through change, ambiguous situations, and competing priorities.
Understanding the business and its strategy, marrying strategy to relevant information security requirements, discerning between outputs and outcomes, and bringing data-driven stories to key stakeholders.
Co-leading purple team activities with first responders, improving cyber defense through effective emulation of adversary tactics and knowledge sharing.
Driving adoption of effective controls and architecture patterns required for BCG to effectively defend against attackers with varied skill sets and motivations.
Influencing peers and product teams to mature and promote industry-leading security control hygiene across the overall technology landscape.
Sharing best practices in information security between the business units and the rest of the enterprise.
Enriching risk management conversations with industry knowledge and actionable architecture analysis.
Consulting with architects and product owners on likely threat scenarios and effective mitigation strategies.
Strategically balancing team skillset with vendor capabilities to provide comprehensive, ever-maturing capabilities for solution architecture, technology stack performance.

YOU BRING (EXPERIENCE & QUALIFICATIONS)
Bachelor's degree (or equivalent).
Minimum of 12 years of information security risk management experience, with a strong background in enterprise architecture, secure software development practices, cloud & infrastructure security, security applications and technologies.
Subject matter expert in cyber security practices that include the configuration and architecture of security tools and products (e.g. endpoint detection & response, network and application firewalls, cloud security posture management, attack surface vulnerability scanning, etc.), service-oriented architecture, machine learning and artificial intelligence, common attacker tools, techniques, and practices (e.g. Burp Suite, Cobalt Strike, fuzzers, Metasploit, etc.) and the defender strategies needed to successfully protect BCG.
Expert knowledge with cumulative hands-on experience across a vast array of technology platforms.
Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
Executive presence, ability to influence senior IT and Global Risk leaders.
Knowledge of the cyber security landscape in modern digital technologies, particularly in cloud security, in technological, business and operational aspects.
Ability to communicate (in writing and verbally) highly complex and technical concepts and information risk to technical and non-technical business audiences to aid them in making informed risk decisions.
Experience leading a global, cross-functional team.
Ability to apply an entrepreneurial and innovative mindset and attitude to adapt to the speed and agility needed for evolving business demands.

YOU'LL WORK WITH
A global team of information security professionals and business leaders. Interact daily with the world's most remarkable entrepreneurs, designers, engineers, architects, product experts and developers collaborating to create strategic advantage for the most important global companies. You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG's values and culture. You will be an integral part of the BCG Information Security Risk Management and Enterprise Architecture teams in delivering the security program for all of BCG.
Employment Category:
Employment Type: Full time
Industry: Management Consulting / Strategy
Role Category: General / Other Software
Functional Area: Not Applicable
Role/Responsibilities: Global Risk Senior Director - Cyber Security
Keyskills:
cyber security
thought leadership
vulnerability management
red teaming
application security
configuration management
leadership
change management
business strategy
risk management
architecture analysis
vendor management
enterprise architecture
cloud security
information risk
innovation
threat emulation
attack-surface modeling
DevSecOps
security health
adversary simulation
purple teaming
data-driven
security control hygiene
secure software development
global team collaboration
entrepreneurial mindset