Global Risk Senior Director - Cyber Security @ Kronos Incorporated

Job Description

WHAT YOU'LL DO The Cyber Security Threat Emulation & Attack-Surface Modeling (C-STEAM) Senior Director is responsible for driving thought leadership across IT product teams, DevSecOps practitioners, and technology product owners, providing actionable reporting on the security health of BCGs technology assets and driving adversary simulation campaigns that enhance BCGs readiness for a cyber security attack. This role reports the Chief Information Security Officer, interfaces closely with and influences first-line-of-defense technical product owners, portfolio leaders, security engineers, and software developers. This leader shines when the pressure is high, acting as a trusted advisor to the Chief Information Security Officer, Chief Architect, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer. The C-STEAM Senior Director will drive the scalable measurement and reporting of cybersecurity hygiene health across BCGs global attack surface. including vulnerability management, red & purple teaming, application security, and configuration management. They will attract, grow, inspire, and retain a diverse, high-performing team of cybersecurity engineers and engineering leaders. YOU'RE GOOD AT Leading teams through change, ambiguous situations, and competing priorities. Understanding the business, strategy, and marries strategy to relevant information security requirements, discerning between outputs and outcomes and bringing data-driven stories to key stakeholders. Co-leading purple team activities with first-responders, improving cyber defense through effective emulation of adversary tactics and knowledge sharing. Driving adoption of effective controls and architecture patterns required for BCG to effectively defend against attackers with varied skillets and motivations. Influencing peers and product teams to mature and promote industry-leading security control hygiene across the overall technology landscape. Sharing best practices in information security between the business units and the rest of the enterprise. Enriching risk management conversations with industry knowledge and actionable architecture analysis. Consulting with architects and product owners on likely threat scenarios and effective mitigation strategies. Strategically balancing team skillset with vendor capabilities to provide comprehensive, ever-maturing capabilities for solution architecture, technology stack performance. YOU BRING (EXPERIENCE & QUALIFICATIONS) Bachelors degree (or equivalent). Minimum of 12 years of information security risk management experience, with a strong background in enterprise architecture, secure software development practices, cloud & infrastructure security, security applications and technologies. Subject matter expert in cyber security practices that include the configuration and architecture of security tools and products (e.g. endpoint detection & response, network and application firewalls, cloud security posture management, attack surface vulnerability scanning, etc.), service-oriented architecture, machine learning and artificial intelligence, common attacker tools, techniques, and practices (e.g. Burp Suite, Cobalt Strike, fuzzers, metasploit, etc.) and the defender strategies needed to successfully protect BCG. Expert knowledge with cumulative hands on experience across a vast array of technology platforms. Knowledge of the legal and regulatory landscape related to security and privacy in an international environment. Executive presence, ability to influence senior IT and Global Risk leaders. Knowledge of cyber security landscape in modern digital technologies, particularly in cloud Security, in technological, business and operational aspects. Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and nnon-technical business audience to aid them in making informed risk decisions. Experience leading a global, cross-functional team. Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands. YOU'LL WORK WITH A global team of information security professionals and business leaders. Interact daily with the worlds most remarkable entrepreneurs, designers, engineers, architects, product experts and developers collaborating to create strategic advantage for the most important global companies. You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCGs values and culture. You will be an integral part of the BCG Information Security Risk Management and Enterprise Architecture teams in delivering the security program for all of BCG

Employement Category:

Employement Type: Full time
Industry: Management Consulting / Strategy
Role Category: General / Other Software
Functional Area: Not Applicable
Role/Responsibilies: Global Risk Senior Director - Cyber Security

+ View Contact

Keyskills:   cyber security thought leadership vulnerability management red teaming application security configuration management leadership change management business strategy risk management architecture analysis vendor management enterprise architecture cloud security information risk innovation threat emulation attacksurface modeling DevSecOps security health adversary simulation purple teaming datadriven security control hygiene secure software development global team collaboration entrepreneurial mindset