Global Information Security Senior Manager - Incident Response

Proactively monitoring and analyze logs via the SIEM for indicators of attack
Mentoring more junior team members
With the Information management team, follow-up on incidents, issues, and concerns related to data loss
Manage incidents related to data loss, producing alerts and escalating issues to appropriate management
Provide SIEM solutions and support for specific case team and/or project needs and requirements
Develop and produce operational metrics that demonstrate the effectiveness of controls, quantifies security risks and issues, confirms service levels, tracks incident type and volume
Apply industry and BCG security knowledge, policy, standards, practices to incident response
Respond to inquiries related to data loss and inappropriate sharing
Develop standard materials in support of BCG Information Security
Respond to, and to the extent possible, accommodate special requests and requirements
Track and report on security issues
All other tasks and responsibilities as requested by manager
Maintain up-to-date knowledge of the cyber security industry as it relates to BCG including:
Attacker methods and TTPs
Standards, regulations and legislation.
Threats and vulnerabilities
Technologies and solutions
Industry best practices
Client requirements and concerns
Provide input and represent BCG and client interests in the areas of:
Incident response and investigation
Incident response management for client security incidents
Work with IT Directors, Managers, Architects and staff to implement, monitor and maintain Confidentiality, Availability and Integrity of BCG information assets.
Track and manage materials provided to external providers and clients.
Maintain information security credentials and certifications as required to present a credible presence to internal and external audiences.

YOU'RE GOOD AT

Technical and functional expertise
Requires an advanced level of professional knowledge in information technology and security developed through a combination of advanced degrees in information technology and hands on experience.
Must have previous career development experience which has provided management skills, motivational skills, interpersonal skills, and outstanding organizational effectiveness.
Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
Very strong business sense with ability to relate technology issues to business.

Problem solving, analytical skills and decision making
Requires strong analytical skills and abilities including an extensive knowledge of software, database, operating systems, client server architecture and voice and data communication services and facilities, security and privacy, in an international setting.
Collect, review, and analyze various metrics, which help to measure and monitor systems, departmental performance, and quality. Discern and analyze trends.
Review and prepare monthly status reports and statistics.
Manage group and project budgets.

Communication, interpersonal and teaming skills
Outstanding verbal and written communications skills are a must because of the requirement to represent BCG in communications with clients.
Calm demeanor, grace under fire, outstanding listening skills.

Leadership, impact and change
High level of initiative and self-motivation, resourceful, and patient with an iterative process.
Ability to gain trust and commitment of others at different levels of the organization.
Proven ability to challenge traditional way of operating and moving beyond the obvious.
Translates BCG's broader strategic objectives and cascades these into own work plans, metrics and team work plans.
Works effectively with significant ambiguity and fluctuating priorities and constrains.

Work management, organization and planning
Ability to evaluate and prepare detailed project plans for technology projects that will be implemented across the business. Manage local and global technology problems and direct staff in resolution of such problems. Evaluate and advise on the technology and systems components associated with projects adopted by BCG corporate and offices.
Ability to monitor projects and direct staffs to ensure projects are aligned with the strategic objectives of the business.

Customer and business focus
Focuses on the most critical issues that have the highest impact on the organization and business needs.
Working mode: "enabling", "value adding" and "expanding".
Treats all others with respect; generate trust.

People management
This position requires interaction with BCG Partners, BCG Case Team staff, client legal and security staff, Administrative Management, vendors, IT Management and Staff, Legal Department, Finance, Vendors, etc. Very strong relationship skills are essential. Excellent Leadership and teaming skills are required.

Values and ethics
Strong sense of confidentiality and integrity.
Treats others with respect and generates trust.
Establish relationships based on respect, trust and integrity.

YOU BRING (EXPERIENCE & QUALIFICATIONS)

Bachelor's degree (or equivalent);
Minimum 9 years of information security experience, with a very strong technical background
Significant information security and risk management experience in a multinational enterprise
Demonstrated Threat Hunting and Incident Response experience (from a Consultancy or SOC environment)
Experience with Security Information and Event Management (SIEM) monitoring tools and their use (Splunk, Arcsight, QRadar or similar)
Security certification like GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH) or equivalent a plus.
Fluent in both oral and written English.

YOU'LL WORK WITH
BCG's information technology group collaboratively delivers the latest digital technologies that enable our consultants to lead and our business to grow. For our IT jobs, we seek individuals with expertise in the areas of IT infrastructure, application development, business systems, collaborative and social technologies, information security, and project leadership.