WHAT YOU'LL DO
The Security Risk & Compliance Analyst is responsible for leading compliance-related activities for BCG Omnia’s software and data products and cloud infrastructure environment in alignment with BCG Information Security & Risk Management standards and best practices.
YOU'RE GOOD AT
Working with a myriad of product, engineering, and infrastructure management teams to implement security controls and monitor compliance. The Security Risk & Compliance Analyst will work with BCG Omnia’s Security & Risk Compliance Manager to:
- Understand compliance requirements of engineering, product, and cloud infrastructure delivery teams.
- Serve as compliance subject matter expert providing guidance.
- Implement compliance strategy in alignment with business requirements, objectives and metrics.
- Lead and enhance an information security, risk & compliance management framework.
- Translate legal, statutory and contractual obligations into a unified collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
- Collaborate with engineering, product, and cloud teams to lead effective process improvements.
- Manage external audits, third party penetration tests, and customer assessments.
- Coordinate system audits, reviews, and tests to verify compliance with security policies and standards.
- Support RFP and client agreements process in assessing security requirements from potential clients.
- Collaborate with privacy team on policy and process issues.
- Provide monthly metrics reporting, identify and manage gaps in policy, and work to resolve them.
- Update job knowledge by tracking and understanding relevant frameworks and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 3-5+ years of experience in information security, compliance, audit and/or risk management
- 3-5+ years of experience in information technology environments
- Knowledge of security issues, trends, best practices
- Familiarity with audit, business and segregation of duties, risks, and controls
- Excellent data analysis skills
- Ability to foresee and identify mitigation strategies for risks
- Knowledge of frameworks and industry standards such as SOC2, ISO 27001, and NIST desirable
- Working knowledge in one or more privacy laws such as GDPR
YOU'LL WORK WITH
You will work in a fast-paced, intellectually challenging, product oriented environment. You will work with application developers, product managers and cloud infrastructure teams to provide security expertise and guidance. You will be a part of an enthusiastic and motivated team of security professionals in support of delivering software and data solutions to our clients.
WHO WE ARE
BCG pioneered strategy consulting more than 50 years ago, and we continue to innovate and redefine the industry. We offer multiple career paths for the world’s best talent to have a real impact on business and society. As part of our team, you will benefit from the breadth and diversity of what we are doing today and where we are headed next. We count on your authenticity, exceptional work, and strong integrity. In return we are committed to supporting you in discovering the most fulfilling career journey possible—and unlocking your potential to advance the world.
BCG Omnia partners with our practice areas—both industries and capabilities—to transform our firm’s unique intellectual property into professional, scalable software and data products that enhance our client service efforts. BCG Omnia employs leading-edge technologies and specialized experts in product design and development, data analytics, and customer delivery to provide world-class business solutions.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.