Senior Manager – Assurance and Cyber Risk
- 10 years of experience in a leadership role in a combination of risk management, security and/or IT; 4-5 years of IS related business experience in a professional services environment (Big 4 preferred)
- Professional certification, such as a CISSP or CISM or other comparable information security credentials
- Hands-on experience with technical security concepts including authentication, authorization, data security, application security, cloud services and data governance
- Experience with the following industry/regulatory requirements and frameworks: ISO27001/2, COBIT, SOC2, SOX, NIST 800-53, NIST CSF
- Experience in partnering with IT teams from different disciplines in a combined effort to achieve project success
- Experience with privacy regulations such as GDPR is strongly preferred
- Comfortable in a fast-paced environment and simultaneously working on multiple projects/streams of work
- Excellent interpersonal and collaborative skills; ability to articulate and present information to all levels of management
- Excellent written and oral communication skills to both a technical and non-technical audience
Who You'll Work With
You will be based at our North American Knowledge Center (NAKC) in Waltham, MA. You will work to identify levels of risk and develop appropriate risk treatment plans in line with the overall firm cyber strategy. You'll work directly with the key functional areas (Information Security, Risk Management, Legal, Compliance & Client Facing Teams) to ensure engagement and collaboration regarding solution development, implementation, execution, and calibration.
What You'll Do
You will lead the overall development of an assurance program to evaluate, measure, and manage risks across McKinsey.
In this role you will provide information security leadership in the design, development and implementation of the cyber risk management program, including: developing a risk management framework for assessing cyber risk across varying solution cells, designing an assurance program to gather and report on metrics, advising on policies and procedures and influencing the strategic direction for McKinsey as a whole.
You will be responsible for developing the Cyber Risk Assurance Program, which includes reaching consensus with the Information Security and Risk teams on the core components of risk management and compliance that will form the basis of the global program. You will partner and collaborate with internal teams to facilitate the development of a standard risk management program that allows us to evaluate the effectiveness of information security programs with respect to meeting the firm's and our clients' standards for data security. You'll develop, maintain, communicate and provide guidance on firm security policies and standards, manage the policy exception process, facilitate appropriate resource allocation and increase the maturity of the security program.
You'll liaise with external agencies and other advisory bodies to ensure that the organization maintains a strong security posture and privacy program. You will help lead data governance efforts including data inventory, classification and implementation of security controls in support of privacy (GDPR) and security compliance. You'll provide subject matter expertise to executive management on a broad range of information security standards and leading achievable practices, such as ISO and NIST CSF. You will liaise with external agencies and other advisory bodies to ensure that security programs are in compliance with applicable laws, regulations and policies.
You will also develop relevant metrics to measure the efficiency and effectiveness of the programs, facilitate appropriate resource allocation and enhance the maturity of the security and compliance program.
Meet Some of McKinsey's Employees
Danielle is one of the leaders of McKinsey’s business with retail and consumer clients. She oversees client projects and helps her teams and her clients utilize McKinsey’s resources.