BCG Platinion | Consultant, Cybersecurity

About The Position

Requirements

• 1+ years of practical experience in cybersecurity consulting or cybersecurity management (with teams of five persons or more) in a variety of sectors and contexts.
• BS in cybersecurity, information systems, mathematics, natural sciences, business management, or similar degree.
• Hands-on experience with, or extensive knowledge of developing cybersecurity strategies or policies.
• Quantifying and managing cybersecurity risk.
• Leading security assessments.
• Designing, transforming, implementing, and running cybersecurity programs.
• Developing security architectures.
• Integrating security into applications and systems.
• Implementing cloud security.
• Managing cybersecurity risk arising from third parties and the supply chain.
• Designing / implementing identity and access management.
• Developing and upskilling a cybersecurity workforce.
• Delivering cybersecurity culture change, awareness, and training.
• Performing continuous monitoring activities such as using SIEM tools, APT hunting, implementing UBA, etc.
• Designing / implementing vulnerability management, including conducting vulnerability assessments.
• Performing penetration testing, incident management, BCP, and/or DRP.
• Broad knowledge of cybersecurity technologies throughout the organizational and acquisition lifecycle.
• Working knowledge of at least two different cybersecurity frameworks.

Nice To Haves

• Experience with NIST Cybersecurity Framework.
• Familiarity with C2M2.
• Knowledge of NIST SP 800-53 and companion publications.
• Understanding of ISO/IEC 27 family of standards.
• Experience with Cloud Security Alliance CCM.

Responsibilities

• Understand the role technology plays in enabling businesses to execute their strategies and expose the cybersecurity implications of this relationship.
• Analyze cybersecurity standards, regulatory requirements, and best practices and translate that into a meaningful set of recommendations tailored to a client's unique environment and circumstances.
• Communicate complex and technical concepts in a concise and business value-centric written form.
• Implement cybersecurity transformation and culture change initiatives.
• Conduct cybersecurity assessments including gap analysis and roadmap development in multiple contexts, including organizations, product development, and cloud security.
• Develop cybersecurity strategies, policies, processes, and procedures to protect clients' internal infrastructure and their customers.
• Understand data protection, data security, and privacy drivers that influence organizations today.
• Develop cybersecurity business strategies for technology product vendors that are integrated into the organization's overall business strategy and increase revenue and profits.
• Work with leadership teams, including facilitating board and senior management cybersecurity awareness workshops.
• Embed product security and DevSecOps practices into the software development lifecycles, system designs, and IT architectures.
• Utilize cyber risk quantification to reduce uncertainty around cyber risk and improve executive decision making.
• Create and facilitate table-top exercises.
• Deliver operational resilience through incident response, business continuity, and disaster recovery planning.

Benefits

• Zero-dollar health insurance premiums for BCG employees, spouses, and children.
• $1 copays for trips to the doctor, urgent care visits and prescriptions for generic drugs.
• Dental coverage, including up to $5,000 in orthodontia benefits.
• Vision insurance with coverage for both glasses and contact lenses annually.
• Reimbursement for gym memberships and other fitness activities.
• Fully vested retirement contributions made annually, whether you contribute or not.
• Generous paid time off including vacation, holidays, and annual office closure between Christmas and New Years.
• Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement.