Global Director, Cyber Audit & Assurance

Boston Consulting Group
Atlanta, GA
$176,000 - $214,700
Onsite

About The Position

The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security Risk Management, this individual is responsible for leading BCG's global cybersecurity audit, certification, and compliance programs. The role owns the strategy, governance, and execution of the firm's security certification portfolio, including HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and other regional, industry-specific, and regulatory requirements. Working across Information Security, Technology, Legal, Privacy, Risk Management, and business stakeholders, the Director ensures that security controls remain effective, certifications are maintained, and the organization is prepared to meet evolving regulatory, client, and market requirements. Given the firm's significant U.S. regulatory, healthcare, and client-driven certification obligations, this role requires deep expertise in U.S. cybersecurity compliance frameworks and regular engagement with U.S.-based auditors, legal stakeholders, and business leaders. This leader provides oversight of external audits, certification activities, and regulatory assessments while driving continuous improvement across BCG's cybersecurity control environment.

Requirements

  • Bachelor's degree in Information Security, Cybersecurity, Information Systems, Risk Management, Business, or related field.
  • 12+ years of experience in cybersecurity, information security, audit, risk management, compliance, or assurance functions.
  • 5+ years of leadership experience managing enterprise-scale assurance, audit, or compliance programs.
  • Demonstrated ownership of complex global certification and assurance programs.
  • Deep expertise with HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and related frameworks.
  • Deep expertise in HIPAA, HITRUST, U.S. healthcare security requirements, and U.S. regulatory compliance frameworks.
  • Strong working knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53, and NIST 800-171.
  • Experience supporting U.S. government, defense, healthcare, or other highly regulated industry compliance programs.
  • Experience leading external audits, certification programs, and regulatory examinations.
  • Experience presenting certification, compliance, and regulatory risk matters to executive leadership and governance committees.
  • Proven ability to influence senior executives and drive outcomes across a highly matrixed global organization.

Nice To Haves

  • Experience within consulting, professional services, healthcare technology, SaaS, cloud, or other highly regulated industries.
  • Familiarity with U.S. government and regulated-industry certification programs, such as CMMC, FedRAMP, StateRAMP, or equivalent assurance requirements.
  • Familiarity with AI governance, AI assurance, and emerging regulatory frameworks.
  • Professional certifications such as CISSP, CISA, CISM, CRISC, HITRUST CCSFP, ISO 27001 Lead Auditor, or equivalent.

Responsibilities

  • Own and lead BCG's global cyber audit, certification, and compliance portfolio.
  • Serve as executive owner for HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials Basic & Plus, TISAX, ENS, and other regional, industry-specific, and regulatory certification programs.
  • Define and execute the firm's multi-year cyber audit and certification strategy.
  • Lead certification audits, surveillance reviews, recertification activities, and external assessments globally.
  • Establish sustainable evidence management, control governance, audit readiness, and continuous compliance processes.
  • Manage relationships with external auditors, certification bodies, assessors, regulators, and client audit teams.
  • Drive remediation planning and closure of audit findings across global stakeholders.
  • Advise business leaders on certification and regulatory requirements supporting market expansion and client commitments.
  • Lead or support activities related to emerging U.S. regulatory, government, and industry certification requirements.
  • Monitor emerging regulatory, assurance, and AI governance requirements and assess impacts to the firm.
  • Lead local and regional certification initiatives required by clients, regulators, and market-specific obligations.
  • Develop executive reporting, KPIs, and governance materials for senior leadership and risk committees.
  • Present certification, compliance, and regulatory risk matters to executive leadership and governance forums.
  • Build, mentor, and lead a high-performing cyber audit and assurance team.

Benefits

  • Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
  • Low $10 (USD) copays for trips to the doctor, urgent care visits, and prescriptions for generic drugs
  • Dental coverage, including up to $5,000 in orthodontia benefits
  • Vision insurance with coverage for both glasses and contact lenses annually
  • Reimbursement for gym memberships and other fitness activities
  • Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
  • Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
  • Generous paid time off, including 12 holidays per year, an annual office closure between Christmas and New Year's, and 15 vacation days per year (earned at 1.25 days per month)
  • Paid sick time on an as-needed basis