WHAT YOU'LL DO
As the IT Security Controls Manager you will act as the "cyber control officer" of the Company under the supervision of the Director of Strategy, Governance and Compliance. You will plan, lead and develop documentation of the information security control requirements drawn from the ISO/IEC 27000 series and NIST SP 800-53. You will examine existing systems and business processes and identify opportunities to make controls more efficient while keeping them effective. This includes conducting reviews, recommending solutions and monitoring the implementation of changes identified through annual process flowcharts/walkthroughs and general information security control testing. Additionally, the controls manager will coordinate and deliver training for control owners on their responsibilities and on what control testers will expect of them.
YOU'RE GOOD AT
- Collaborating with technology groups and vendors at all levels to design, standardize and implement information systems controls that mitigate or prevent material loss, guided by the ISO/IEC 27000 series, NIST SP 800-53 or a similar control framework
- Supervising vendors and contingent labor involved in control processes
- Partnering with the Security Architecture and Secure Supplier teams to coordinate controls
- Driving process improvement by streamlining processes, leading process change and directing the implementation of automated internal controls
- Maintaining controls environment documentation, including control matrices, narratives and process flows
- Running risk mitigation and controls remediation programs: identifying security-related risks, maintaining and monitoring them, and facilitating remediation activities
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 8+ years as an information systems auditor or working in an IT controls function
- Professional services company exposure, through audit or direct employment, a plus
- Experience working in a non-regulated sector and designing minimum viable cybersecurity controls
- Experience designing and developing information systems controls beyond financial management or SOX requirements
- Previous information security / cybersecurity controls experience, specifically with Oracle (8 years, including 3 years of information security testing), required
- Bachelor's degree in management information systems, computer science or a similar field (master's degree a plus)
Controls focus skills
- Experience designing or auditing controls for an enterprise architecture
- Previous segregation-of-duties design and auditing experience
- Access recertification design, testing and auditing experience
- Identity and access management improvement experience
- Cloud control design experience with AWS/Google Cloud/Azure, a plus
Management and organizational skills
- Proven ability to influence at all levels of the organization without formal authority and work closely with Technology groups and executive management.
- Maintaining technical competence in current auditing practices, compliance policies and government regulations
- Appetite for leadership and strong project management skills; adept at troubleshooting and persistent at achieving results.
- Exceptional written and oral communication skills, including the ability to articulate processes and issues related to cybersecurity controls and to respond to questions about them
- Proficient in Microsoft Office suite of applications
YOU'LL WORK WITH
This team member will work across the Information Security Organization to connect controls management across application security, vulnerability management, enterprise architecture, and strategy, governance and compliance. This team member will also be critical in building relationships between the global risk function, IT, and information security. BCG's continued growth and acquisitions will require ongoing insight and support from the controls manager to harmonize processes and bring a consistent information security framework to BCG.