WHAT YOU'LL DOUnder the general direction of the Director of Information Security and working with other Senior Managers in IT and throughout the Global Functions, the roles will perform the following functions:Maintain up-to-date knowledge of the Security industry as it relates to BCG including:Standards, regulations and legislation.Threats and vulnerabilitiesTechnologies and solutionsIndustry best practicesClient requirements and concernsSolid understanding of laws and regulations impacting Information Security like EU GDPR and Deutsche DSGVO.Industry frameworks and certifications like ISO, NIST, Cobit or Cyber Essentials and others.Provide input and represent client interests in the areas of:Security PolicyOrganization Security – 3rd Party Security, Outsource Security, Information Security InfrastructureAsset Classification and ControlPersonnel SecurityPhysical and Environmental Security related to ITCommunications and Operations ManagementAccess ControlSystem Development and MaintenanceBusiness Continuity ManagementCompliance and AuditIncident Response and InvestigationWork across the firm to identify risk, develop and plan risk mitigation strategies and ongoing audit functions related to client informationProvide timely response to client inquires by completing client questionnaires, writing client responses and participating on conference calls and meetings with clients, BCG Partners, case teams, Legal and Risk DepartmentsIncident response management for client security incidentsUpdate externally-oriented documents and propose new documents and materials in order to respond to requests quickly and completelyPropose standards in accordance with Industry state-of-the-art alternatives, and requirements for data and information sharingWork with IT Directors, Managers, Architects and staff to implement, monitor and maintain Confidentiality,Availability and Integrity of BCG information assetsTrack and manage materials provided to external providers and clientsManage onsite client assessments and coordinate agendaParticipate as an integral part of the Security Team and IT in generalProvide input, feedback as an integral part of IT projectsReview and prepare monthly status reports and statisticsStrike an effective balance between security and user requirements based in risk management principles.Maintain information security credentials and certifications as required to present a credible presence to internal and external audiencesProvide backup to other BCG Security Architects to audit, monitor and report on the various components of BCG IT securityYOU'RE GOOD ATTechnical and functional expertiseRequires an advanced level of professional knowledge in information technology and security developed through a combination of advanced degrees in information technology and hands on experience. Must have previous career development experience which has provided management skills, motivational skills, interpersonal skills, and outstanding organizational effectivenessKnowledge of the legal and regulatory landscape related to security and privacy in an international environmentVery strong business sense with ability to relate technology issues to businessProblem solving, analytical skills and decision makingRequires strong analytical skills and abilities including an extensive knowledge of software, data base, operating systems, client server architecture and voice and data communication services and facilities, security and privacy, in an international settingCollect, review, and analyze various metrics, which help to measure and monitor systems, departmental performance, and quality. Discern and analyze trends.Review and prepare monthly status reports and statisticsManage group and project budgetsCommunication, interpersonal and teaming skills Outstanding verbal and written communications skills are a must because of the requirement to represent BCG in communications with clients.Calm demeanour, grace under fire, outstanding listening skillsLeadership, impact and changeHigh level of initiative and self-motivation, resourceful, and patient with an iterative processAbility to gain trust and commitment of others at different levels of the organizationProven ability to challenge traditional way of operating and moving beyond the obviousTranslates BCG’s broader strategic objectives and cascades these into own work plans, metrics and team work plansWorks effectively with significant ambiguity and fluctuating priorities and constrainsWork management, organization and planningAbility to evaluate and prepare detailed project plans for technology projects that will be implemented across the business. Manage local and global technology problems and direct staff in resolution of such problems. Evaluate and advise on the technology and systems components associated with projects adopted by BCG corporate and officesAbility to monitor projects and direct staffs to ensure projects are aligned with the strategic objectives of the businessCustomer and business focus Focuses on the most critical issues that have the highest impact on the organization and business needsWorking mode: “enabling”, “value adding” and “expanding”Treats all others with respect; generate trustPeople management This position requires interaction with BCG Partners, BCG Case Team staff, client legal and security staff, Administrative Management, vendors, IT Management and Staff, Legal Department, Finance, Vendors, etc. Very strong relationship skills are essential. Excellent Leadership and teaming skills are requiredValues and ethics Strong sense of confidentiality and integrityTreats others with respect and generates trustEstablish relationships based on respect, trust and integrity.WORK ENVIRONMENT:Must be able to perform successfully in a fast-paced, intellectually intense, service-oriented environment and to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture.Experience working successfully within a complex matrix structured organization is essential.It is necessary to have the ability to understand and manage complex reporting relationships and incorporate multiple cultures.YOU BRING (EXPERIENCE & QUALIFICATIONS)Bachelors degree (or equivalent); Master's degree preferred with extensive experience in the application of technology and security to business problems; the ideal candidate would have an MBASuccessful maintenance of certification in either ISO, CISSP, CISMMinimum of 10 years of business experience, with a very strong technical background and significant information security and risk management experience in a multinational enterprise YOU'LL WORK WITHBCG’s information technology group collaboratively delivers the latest digital technologies that enable our consultants to lead and our business to grow. For our IT jobs, we seek individuals with expertise in the areas of IT infrastructure, application development, business systems, collaborative and social technologies, information security, and project leadership.ADDITIONAL INFORMATIONThe Boston Consulting Group (BCG) is a general management consulting firm, widely regarded as a global leader in business strategy consulting. The firm has built its worldwide practice on intellectual leadership and has helped change the way many corporations approach, and engage in, competition. Many of BCG's strategic concepts are taught at leading business schools and executive education programs around the world. BCG is a privately owned firm with over 77 offices in 42 countries. BCG’s Global Functions provide professional management services to the firm, including the central operations of finance, information technology, marketing, risk, legal, operations and human resources.POSITION SUMMARY:The Client Assurance Security Lead works in the Information Security Risk Management team with BCG's Information Security team, Legal, Risk, Client Services Officers and client case teams, and clients to address client information security concerns. This includes, but is not limited to:Responding to client inquiries related to information securityDeveloping standard materials for clientsTracking trends in information securityTracking trends in client security requirementsAnalyzing client requirements by industry, geography, etcRepresenting client interests in BCG policy, technology, solutions, etc.Recommending projects, initiatives, standards, etc., based on client requirementsAssisting in Incident response for security issues related to clientsResponding to, and to the extent possible, accommodating special client requests and requirementsTracking and reporting on client security issuesManaging key security programs, projects, research etc.