Security Manager II

Pracovní nabídka

As a Security Manager for McKinsey’s Operations practice, you will contribute to practice product and cloud security across AWS or Azure or GCP by supporting the implementation of the firm's security standards in alignment with the strategic business plan.

What you will do:

You will assist in embedding "Shift Left" strategies, tools, and processes across the software development lifecycle. Additionally, you will work closely with CSTs to ensure cybersecurity considerations are integrated throughout the engagement delivery lifecycle, including infrastructure and tooling decisions, secure product development, and the processing and deletion of client data.

In this role, your responsibilities will include conducting security assessments of products to ensure alignment with the firm’s established security requirements and processes. You will collaborate with product risk teams and other internal risk functions to support end-to-end risk assessments of products. Additionally, you will assist in client engagements by working with the team to provide cybersecurity assurance during client interactions, which may involve responding to security questionnaires, participating in workshops, and supporting due diligence processes. You will also play a key role in supporting compliance efforts by helping to implement and manage independent third-party attestations of industry cybersecurity standards and certifications, such as ISO 27001 and SOC 2, for practice-specific solutions and products.

As part of your responsibilities, you will collaborate with the Security Operations Center (SOC), Threat Intelligence, and Crisis Response Teams to address practice-related cybersecurity incidents, ensuring timely identification, remediation, and documentation of lessons learned. You will contribute to the preparation of practice-level cybersecurity reports, metrics, and forecasts for practice and firm leadership.

Furthermore, you will assist in implementing firm-wide cybersecurity, data protection, and privacy policies, standards, and processes within the practice. Finally, you will support proactive risk management efforts and help establish cybersecurity controls to enhance the security posture of asset development and engagement.

Your role offers an opportunity to work closely with various teams to strengthen our cybersecurity framework and protect our firm’s assets.

What we are looking for:

• 5+ years of experience in a similar Information Security Role. Knowledge of Secure Software Development Lifecycle and DevSecOps
• Technical understanding of a range of enterprise IT and cloud-based architectures and technologies (AWS, Azure, Databricks etc.), networking, server infrastructure, operating systems, web applications, databases, containerization
• Working Knowledge of common information security controls, guidelines and standards, such as ISO27001, SOC 2, NIST CSF, NIST SP800-53, GDPR, etc.
• Experience of conducting risk assessments, threat modeling and information security reviews, and audits Experience with security technologies and tooling, e.g. vulnerability scanners, firewalls, network monitors, IAM, SIEM, IDS/IPS
• Strong analytical and organizational skills and the ability to work independently, as well as part of a wider team, with minimal supervision
• Strong written and verbal communication with the ability to converse effectively at all levels of seniority, both internally and externally