Locations: Washington | Boston

Who We Are

BCG pioneered strategy consulting more than 50 years ago, and we continue to innovate and redefine the industry. We offer multiple career paths for the world's best talent to have a real impact on business and society. As part of our team, you will benefit from the breadth and diversity of what we are doing today and where we are headed next. We count on your authenticity, exceptional work, and strong integrity. In return we are committed to supporting you in discovering the most fulfilling career journey possible-and unlocking your potential to advance the world. Our team called Global Services (GS) provides corporate support to business areas such as Finance, Legal, HR, Marketing and IT. This diverse team of experts, operators and specialists represent all levels from Partner to entry level staff, operating across the globe in multiple countries. Global Services is in short, the backbone of BCG.

What You'll Do

In this role, you will design and implement security systems to protect company assets, focusing on compliance with US Government security requirements. You will develop and enforce security policies, procedures, and standards in accordance with federal regulations and guidelines. Conducting regular security assessments and audits to identify potential vulnerabilities and ensure compliance with NIST, CMMC, and other federal standards will be a key responsibility. You will collaborate with IT and business units to integrate security into all phases of projects and operations. Managing and enhancing the organization's DevSecOps processes to ensure security is integrated throughout the software development lifecycle will be essential. You will oversee the implementation and management of security protocols within Azure Government Community Cloud (GCC) High environments, ensuring compliance with federal requirements. Additionally, you will provide security risk assessments of AI and Generative AI (GENAI) capabilities, identifying potential risks and recommending mitigation strategies. Staying updated on the latest security trends, technologies, and federal regulations will be necessary to ensure the company's security measures are current and effective. Furthermore, you will provide guidance and training to employees on security best practices, specifically those relevant to federal contracts, and work with third-party vendors to ensure their security posture aligns with US Government requirements. 

What You'll Bring

Preferred certification in one or more Information Security relevant areas such as, Security Professional (CISSP), Cloud Security (CCSP, CCSK) Minimum of 8 years of information security experience, with a strong background in cloud native infrastructure, network security, security applications and technologies. Subject matter expert in security practices that include the full administration of security control systems, vulnerability identification and mitigation, best practices for securing/hardening, and risk analysis. Knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response. In-depth experience of vulnerabilities, intrusion detection systems, firewall management, network vulnerability analysis, cryptographic theory and practice, incident analysis and response, software testing and security assessment, malicious code and software exploitation techniques, continuous monitoring and event logging, cyber-crimes, computer forensics analysis and computer crime investigation. In-depth knowledge of security frameworks and standards, including NIST SP 800-171, NIST SP 800-53, CMMC, and other relevant federal guidelines. Experience with cloud security, including AWS, Azure, or Google Cloud Platform, with specific expertise in Azure Government Community Cloud (GCC) High environments. 

Who You'll Work With

You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG's values and culture.  You will be a part of a team of professionals in support of internal IT and business professionals, and consultants delivering business and management strategy to our clients.  You will work with application developers and data analysts providing tools and support for our consultants. You will be an integral part of the BCG Information Security Risk Management team in delivering the security program for Gamma and all of BCG. 

Additional info

Total compensation for this role includes base salary, annual discretionary performance bonus, contributions to BCG's Profit Sharing and Retirement Fund (PSRF), and a market leading benefits package described below.Some local governments in the United States require job postings to include a reasonable estimate of base compensation. We expect your total annualized compensation to be approximately the following:· In Washington D.C., the base salary is between $178,000- $228,000 (USD); placement within this range will vary based on experience and skill level· In other locations, competitive pay is commensurate with the role and geography· Annual discretionary performance bonus between 0-12%· 5% Profit Sharing Retirement Fund (PSRF) contribution, increasing to 10% after two years of service. Contributions are vested immediately and there is no waiting periodAll of our plans provide best in class coverage:Zero dollar ($0) health insurance premiums for BCG employees, spouses, and childrenLow $5 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugsDental coverage, including up to $5,000 in orthodontia benefitsVision insurance with coverage for both glasses and contact lenses annuallyReimbursement for gym memberships and other fitness activitiesFully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) planPaid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursementGenerous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)Paid sick time on an as needed basis*Employees, spouses, and children are covered at no cost. Employees share in the cost of domestic partner coverage.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.