- Bachelor's degree
- 10+ years of work experience
- Effective communication and persuasion skills
- CISSP, GSEC, CISA or GSEC preferred
- Familiarity with ISO 27001, SOC2 frameworks preferred
- Familiarity with global privacy laws and their impacts
- Familiarity with basic information management, data security and infrastructure management practices
- Experience with LAMP and Open Source tools and technologies
- Experience with IAM tools such as MFA, Okta, Tivoli Access Management or similar.
- Experience with Next Generation Firewalls, AV, NIDS, HIDS and SIEM.
- Familiarity with static and dynamic code analysis is a plus
- Familiarity and some working experience with software engineering (e.g. C++, Java, Ruby, Node.js, and others)
- Understanding of web and database technologies, concepts and design elements of on premise, cloud based and hybrid architectures
- Good understanding of presentation tiers (Apache, Tomcat, Nginx, IIS)
- Experience with containerized environments (Dockers, DC/OS, Kubernetes) preferred
- Experience with at least one of the major cloud IaaS providers (AWS, Azure, Google)
- Experience with SaaS providers and integration (SalesForce, Office 365, Workday, Okta) preferred
- Experience with APIs, especially REST. Familiarity with Apigee preferred
- Strong hands on skills with server operating systems and environments (Linux, Windows)
- Knowledge of Enterprise Architecture discipline and frameworks
- Experience in at least two disciplines from the following: Application Solution, Technical/Infrastructure, Information/Data or Business Architecture
Who You'll Work WithYou'll be based in our Prague office and will be part of our Information Security practice and will work in the Information Security Architecture group. This group is primarily focused on securing internal products and services for the firm. You'll work in small global team in a highly collaborative way, use the latest technologies and enjoy seeing the direct impact from your work.
What You'll Do
You will be doing gamut of security roles, mostly focused on developing secure architecture solutions for the firm.
You will come up with cost effective strategies for protecting critical assets of the firm and will be familiar with information security techniques along with risk assessment and management practices. You will be responsible for identifying risk, and you will influence other domain architects to ensure a secure operational model for the business owners.
While developing cost effective strategies to protect confidential data of the firm, we expect you to have hands on experience with security techniques and technologies, including: encryption, access control, network security, Cloud, SaaS, PaaS, Application Programming Interfaces and application security practices.
You will conduct research on upcoming security standards, frameworks and technologies and define, implement, maintain and mature existing corporate security policies, standards and guidelines. At times you will evaluate emerging technologies and security software tools and techniques for benefit and compatibility. You will help align your findings against Cyber initiatives of the firm and mature it in due process.
You will act as an information security consultant to our internal facing product owners of the firm and advise them on information security risks and best practices. To help quantify your findings, you will conduct risk management services that include business impact, threat modeling and vulnerability assessments of the products and services with the aim to find common architectural flaws and patterns. To help address your findings, you will influence product owners with cost and resource estimates findings.
You will act as a change agent and help reduce risks of firm's product on a consistent basis. To that end, you will document the risks and publish solutions, standards and guidelines.
Meet Some of McKinsey's Employees
Danielle is one of the leaders of McKinsey’s business with retail and consumer clients. She oversees client projects and helps her teams and her clients utilize McKinsey’s resources.
Back to top