Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Senior Director of Cyber Enterprise Risk Management will drive the governance and oversight of cyber-related risks within the broader enterprise risk management (ERM) framework. This role will focus on establishing a robust governance structure that integrates cyber risk into the overall risk management strategy, ensuring executive-level visibility and decision-making on critical cyber risks. The successful candidate will provide strategic guidance, enable cross-functional collaboration, and enhance risk governance frameworks to ensure that cyber risks are effectively managed within the context of broader business risks.

 

Key Responsibilities:

Cyber Risk Governance Strategy: Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities and that appropriate risk mitigation strategies are in place.Risk Committee Engagement: Act as a key advisor to the Risk Oversight bodies, providing insights into cyber risks and their potential impact on business strategy and operations. Facilitate informed decision-making and strategic risk management at the highest level.Enterprise Risk Integration: Collaborate with risk management, legal, finance, and other functional teams to ensure that cyber risks are consistently evaluated and integrated into the broader enterprise risk assessments, including financial, operational, and strategic risks.Risk Appetite and Tolerance: Work with senior leadership to define and communicate the organization’s cyber risk appetite and tolerance levels, ensuring alignment with overall enterprise risk appetite. Ensure that the governance framework supports risk-based decision-making and prioritization.Risk Reporting and Transparency: Establish key metrics and reporting mechanisms to regularly update the Risk Committee on the organization’s cyber risk posture. Provide clear, actionable reporting that connects cyber risks to business outcomes and organizational objectives.Continuous Improvement and Adaptability: A proactive attitude toward improving cyber risk management processes, incorporating industry best practices, and adapting to the changing threat landscape.

 

YOU’RE GOOD AT

Leadership and Influence: Demonstrated ability to engage, influence, and collaborate with senior executives and cross-functional teams to drive strategic risk initiatives and foster a risk-aware culture.Cyber and Enterprise Risk Management Expertise: Deep understanding of cyber and ERM principles and frameworks (e.g., NIST, ISO, COSO, COBIT) with experience in integrating cyber risks into enterprise risk assessments and processes.Cyber Risk Knowledge: Strong expertise in identifying, assessing, and mitigating cyber risks within complex organizations. Ability to translate technical cyber risk into business-relevant language that resonates with senior leadership.Executive Communication Skills: Proven experience in presenting risk management findings and recommendations to executive committees, risk oversight bodies, and boards of directors. Ability to distill complex information into actionable insights for senior leaders.

What You'll Bring

Bachelor’s degree (or equivalent)Minimum of 15 years of experienceKnowledge of the legal and regulatory landscape related to security and privacy in an international environment.Executive presence, ability to influence senior IT and Global Risk leaders.Knowledge of cyber security landscape in modern digital technologies, particularly in cloud and supplier security, in technological, business and operational aspects.Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and non-technical business audience to aid them in making informed risk decisions.Must have experience managing compliance efforts and experience with business risk management with the ability to communicate the balance between strong security and enabling business.Experience in a global, cross-functional team.Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands.

Who You'll Work With

A global team of information security professionals and business leaders.  Interact daily with the world’s most remarkable entrepreneurs, designers, engineers, architects, product experts and developers collaborating to create strategic advantage for the most important global companies. You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture. You will be an integral part of the BCG Risk Management team in delivering the Information Security Risk Management (ISRM) program for all of BCG. 

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.