Bain & Company Inc Manager, IT Information Security, Risk and Compliance (M&A) in Boston, Massachusetts
WHAT MAKES US A GREAT PLACE TO WORK
We are proud to be consistently recognized as one of the world's best places to work, a champion of diversity and a model of social responsibility. We are currently ranked the #1 consulting firm on Glassdoor’s Best Places to Work list, and we have maintained a spot in the top four on Glassdoor's list for the last 12 years. We believe that diversity, inclusion and collaboration are key to building extraordinary teams. We hire people with exceptional talents, abilities and potential, then create an environment where you can become the best version of yourself and thrive both professionally and personally. We are publicly recognized by external parties such as Fortune, Vault, Mogul, Working Mother, Glassdoor and the Human Rights Campaign for being a great place to work for diversity and inclusion, women, LGBTQ and parents.
WHO YOU'LL WORK WITH
Bain’s Information Security team is a global team of cybersecurity professionals working to protect Bain’s and our clients’ critical information assets. Our mission is to assess risks to critical areas and cyber threats, and to provide continuous guidance and improved information security standards to all facets of Bain’s business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (the C-I-A principles) of our work for our clients.
WHAT YOU'LL DO
The Manager will be a key member of the Information Security team, working closely with the Security Architecture & Engineering team and the Cyber Operations team to identify, assess, and manage information security risks. This role provides expert consultation and relationship management specific to Bain’s M&A activity and drives the internal risk management program. The position partners with key business leaders, project and integration teams, technical leads, legal, and third parties. Success in this role will enable the business to make strategic decisions and ensure security risks are adequately addressed throughout the M&A lifecycle.
Mergers & Acquisitions
Manage the full life cycle of day-to-day security due diligence and integration activities including coordination of detailed functional plans, communication with key stakeholders, and issue resolution for Bain & Company acquisitions
Standardize and improve existing due diligence and security integration methods, with input from across the Information Security team, in order to comprehensively assess the target organization's technical environment, security posture and capabilities, and inherited internal and third-party risks.
Perform acquisition risk assessments that include discovery and consideration of data types, regulatory requirements, organization size, business process, technology use and organizational security posture.
Document due diligence results, residual risks, and remediation tasks; communicate risks clearly to key stakeholders.
Propose and implement tooling to help Bain maintain an accurate risk register and track mitigation decisions and progress
Perform analysis of risk data to identify patterns of deficiencies and collaborate with security architects to propose mitigation solutions
Manage Bain’s core security policies and standards to ensure appropriate baseline of security expectations and compliance with industry standards
Deliver, and assist other team members with, threat modelling, risk identification and mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
Create metrics and dashboards for Senior Leadership
Privacy & Compliance
Work closely with Bain’s Data Protection team (Legal) to drive privacy impact analyses and risk assessments, document them appropriately, and provide guidance on remediation activities to meet a growing number of privacy regulations
Enhance and maintain the security awareness program, including phishing campaigns, training, and other initiatives associated with the overall program
Develop and assist with training policies and protocols for cybersecurity
Demonstrate a deep knowledge of information security and provide guidance to other TSG members across Bain & Company offices worldwide
Leadership & Communications
Assist and mentor other team members on various projects as needed.
Effectively communicate technical issues to diverse audiences
Bachelor's degree in MIS, Computer Science, Business or equivalent work experience in a technology role
5-8 years of work experience
5+ years’ experience in a GRC or information security role
3+ years’ experience leading or influencing a risk management program
Demonstrated experience with cyber security and risk management standards such as the ISO 27000 series, NIST RMF and CSF, Cloud Security Alliance (CSA) and the CIS Top 20 Controls
Understanding of regulatory and data privacy concerns globally
Knowledge of information security technologies (e.g. access controls, data loss prevention, penetration testing, risk and vulnerability assessment, identity & access management).
Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
Strong project management and people management skills.
Solid analytical skills and understanding of processes, technology, and operational concepts.
Ability to weigh business needs against security concerns and recommend necessary changes to enhance information security
Demonstrated experience managing IT security risk in both on-premises and cloud (IaaS, PaaS, SaaS) environments.
Strong communication skills and the ability to comfortably and effectively articulate security and risk related concepts to technical and non-technical audiences.
Critical thinker: able to assess, internalize, and reconstruct a problem objectively to identify solutions/options
3+ years’ experience supporting M&A activities in a Security role.
CISSP, CISM, CISA or similar cyber management certification is a plus
CIPP or similar privacy certification is a plus
About Bain & Company
Bain & Company is a global consultancy that helps the world’s most ambitious change makers define the future.
Across 63 offices in 38 countries, we work alongside our clients as one team with a shared ambition to achieve extraordinary results, outperform the competition, and redefine industries. We complement our tailored, integrated expertise with a vibrant ecosystem of digital innovators to deliver better, faster, and more enduring outcomes. Our 10-year commitment to invest more than $1 billion in pro bono services brings our talent, expertise, and insight to organizations tackling today’s urgent challenges in education, racial equity, social justice, economic development, and the environment. We earned a gold rating from EcoVadis, the leading platform for environmental, social, and ethical performance ratings for global supply chains, putting us in the top 2% of all companies. Since our founding in 1973, we have measured our success by the success of our clients, and we proudly maintain the highest level of client advocacy in the industry.
External Job Title: Manager, IT Information Security, Risk and Compliance (M&A)
Post: External Career Portal: 10/26/2021
External Company Name: Bain & Company Inc
External Company URL: http://www.bain.com/bainweb/home.asp
Street: 131 Dartmouth Street