Locations: Atlanta | London

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

This role focuses on designing, implementing, and tracking cloud security enhancements with a specialization in Secrets Management across multi-cloud and SaaS environments. You will influence engineering decisions to drive secure and successful business outcomes while collaborating with internal teams to protect enterprise information. Key responsibilities include defining and implementing identity, access, and security requirements; planning, testing, and supporting secure systems; and serving as a Subject Matter Expert on IT projects. Additionally, you will develop and maintain security standards, policies, and procedures, while mentoring team members to foster a strong security culture. This position requires a strategic and hands-on approach to strengthen BCG’s cloud security posture.

 

YOU'RE GOOD AT 

Interacting with stakeholders and possessing the ability to influence direction, articulate risks and advocate for solutions and roadmaps.Managing backlog and roadmap of secrets management items to be completed.Managing end to end delivery of projects with hands on involvement in the development and configuration of products around secrets management and machine authentication.Determining requirements by evaluating business strategies and requirements, implementing information security standards, conducting system and vulnerability analyses and risk assessments, recommending secure architecture aligned to business architecture, and identifying/driving remediation of integration issues.Providing expert knowledge of solution/application architecture for identity related capabilities as well as methodologies in the software development life cycle.Maintaining security data and identity principles by ensuring compliance to standards, policies, regulatory requirements, and good industry practices are achieved.Self-managing progress and status of tasks and deliverables on projects and escalating issues and risks timely.Completing market assessments on vendor products, packages, and services; guiding tests and implementation of products solving enterprise information security requirements.Suggesting and implementing alternative mitigations/compensating controls to allow for business to continue while protecting BCG's assets.Partnering with cross functional teams to ensure compliance to industry and company standards including ISO 27001, SOC2, NIST, GDPR, and DPO standards.Updating job knowledge by tracking and understanding emerging practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.Vendor escalations and Major Incident Management support for business-critical services.Able to provide L3 operational support for Secrets Management tooling and oversight of L1/L2 ops issues.Create and track health, security and adoption metrics.

What You'll Bring

Must Haves:

Ability to drive adoption of secrets management best practices, primarily using HashiCorp Vault3+ years’ experience of secrets management through large scale implementations distributed globallyExperience managing cloud native secrets management solutions such as Azure Key Vault, Google Secrets Manager and AWS Secrets Manager.Experience with Cloud Security Posture Management (CSPM) across the cloud platforms including AWS, Azure, and GCPTier 3 support experience for service outage and mission-critical application supportExperience with app registrations and service principals in Azure ADExperience documenting complex architecturesExperience with GitHub, (or similar tools including Chef or Puppet), Continuous Integration/Continuous Deployment (CI/CD)Knowledge and experience with automating solutions using one or more languages (i.e., Python, PowerShell, Terraform, or similar)

Nice Haves:

Bachelor’s degree (or equivalent related experience)7+ years’ experience working with AWS, GCP, Azure, or Alibaba cloudUnderstanding of API concepts and RESTful servicesUnderstanding of cloud security, zero trust, risk-based authentication, and multi-factor authentication (MFA) solutionsHands-on/direct experience integrating web, single-page, native applications through API endpoints, API services for machine-to-machine authenticationRelated certifications (e.g. Security Plus, CISSP, CCSP, ITIL Foundations, CE+, etc)Experience working in Agile, knowledge of Jira, Jira Align, Miro, and related tools and principalsExperience as a change management practitioner using industry best practices and ServiceNow tooling and workflows

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.