Information Security Specialist

WHAT YOU'LL DO The right candidate is responsible for managing security compliance for BCG’s software and data offerings in alignment with AICPA’s SOC 1 and SOC 2 framework and ISO 27001 standards. The right candidate must be able to demonstrate understanding of the fundamental security compliance frameworks, understand security and compliance audit processes and be able to collaborate with the team.

The candidate must be a proactive team player, be able to communicate information and explanation to guide solutions. Additionally, the candidate must demonstrate strong customer service to set of internal stakeholders and develop positive and collaborative relationships within own area. The successful candidate possesses excellent interpersonal and communication skills, both written and oral, required to partner with team members and stakeholders across the business to identify compliance gaps, issues and risks.

The role will report to the head of Governance & Risk Management for BCG X and sit within BCG’s information Security team. YOU'RE GOOD AT Understanding cybersecurity compliance frameworks - SOC 1, SOC 2, ISO 27k. Have a risk mindset, eye for detail, and can apply critical thinking.

Working with auditors, audit request lists and taking ownership of gathering security audit evidence. Coordinating audits and conducting reviews of deliverable to verify compliance with internal policies and industry best practices. Thorough with an eye for detail to ensure completeness of audit and compliance requests.

Ensuring clear and expedient escalations with informed recommendations to management. Being a team player and working to achieve common goal in a dynamic setting. Identify and leverage lessons learned and best practices from audits, fostering the culture of continuous improvement within BCG.

YOU BRING (EXPERIENCE & QUALIFICATIONS) Broad working knowledge in key areas of security compliance frameworks (SOC 1, SOC 2, HITRUST, ISO 27k). Minimum of 2 years’ experience working with security compliance audits. A minimum bachelor’s degree in any discipline. Computer science, cyber security and risk or technology degrees preferred.

Fluent in English (verbal and written) Strong communication. Flexibility in scheduling, capable and willing to attend conference calls outside of regular working hours to accommodate the geographical requirements and time zones of our stakeholders, and team members. Flexibility in scheduling, capable and willing to attend conference calls outside of regular working hours to accommodate the geographical requirements and time zones of our stakeholders, and team members.

Strong work management, and work ethics required. Ability to work successfully within a cohesive and matrixed team environment. Superior interpersonal and communication skills; projects confidence and trust. YOU'LL WORK WITH The role will report to the head of Governance & Risk Management for BCG X and sit within BCG’s information Security risk management team, working closely with product and engineering, security and IT teams.