- Bachelor's degree or equivalent professional or military experience
- 7-12 years of experience working within Information Security
- Broad experience working across multiple information security domains (e.g., Security Architecture and Engineering, Identity and Access Management, Software Development Security, Communications and Network and Hardware Security)
- Professional certifications (e.g. CompTIA Security+, CISSP) preferred
- Ability to work both independently and in a global virtual team setting and act with an ownership mentality and entrepreneurial spirit under hands-off supervision
- Familiarity with security frameworks (e.g. NIST, OWASP, PCI DSS, HIPAA, HITRUST) and risk management methodologies
- Ability to create compelling written and verbal communications which clearly deliver even the most complex messages; able to use written communications to push the thinking, build alignment, and effectively tailor communications to the audience’s needs, including audiences which are broad, senior, nontechnical, and/or challenging
- Demonstrated experience as a security thought leader
- Experience organizing, shaping, and building consensus around security standards
- Comfortable creating presentations and presenting to senior leadership
- Strong facilitative problem-solving skills as a leader, with the ability to negotiate across teams to prioritize security by design
- Ability to mediate cross-team consensus for risk-based strategies, including to mitigate the security implications of technical debt
- Ability to convert non-security colleagues into evangelists for security matters which may impact their work
- Experience developing an in-depth understanding of business contexts. Shapes security operations via an empathetic understanding of business projects
WHO YOU'LL WORK WITH
You'll join our Waltham or Atlanta office and will be part of our security center-of-excellence, working closely with all product owners across McKinsey to develop and implement security standards and procedures.
You'll work with Risk and Compliance to provide technical details and architecture that meet the firm's risk posture in an actionable way for technologists to consume.
WHAT YOU'LL DO
Working in the office of the CISO, you'll co-create and update security standards in close collaboration with technical leads and work with the latest technologies as part of a global team.
You will work closely with product managers, risk managers, technical leads and developers to ensure that any procedures created meet our security standards and policies, thus improving security, usability and customer experience utilizing agile methodologies.
The prioritization of standards and/or procedures to focus on will be based on various factors such as audit findings, discussions with architecture forums, and other McKinsey teams. You'll also be responsible for identifying, driving, and problem-solving continuous improvements and innovations of McKinsey's security posture, including as part of our cloud transformations.