Technology & Digital
Cybersecurity Risk and Compliance Manager
McKinsey & Company
Legal
Washington, DC, USA
Posted on Monday, September 4, 2023
Who You'll Work With
You’ll join an IT team based out of our Waltham, Washington, DC or Atlanta office, part of our Secure Foundations function within the Tech Ecosystem. This team manages and supports a cloud environment for certain high-risk data and client engagements. You will work closely with various teams across the Tech Ecosystem, as well as non-tech teams, business stakeholders and third-party IT vendors.
What You'll Do
Your role will involve identifying opportunities to enhance security by design, developing a profound understanding of our business contexts to influence IT and security operations, and creating, updating, and integrating security policies and procedures. You will also lead the charge in ensuring the restricted environment team’s readiness for external audits, refining the cybersecurity program, and conducting systemic risk assessments.
As a Cybersecurity Risk and Compliance Manager, you will play a crucial role in facilitating cross-team tabletop incident response exercises, advising the Security Operations Center during incidents, and evaluating new security and IT tools from a compliance and risk perspective. Furthermore, you will take a lead role in nurturing a culture where colleagues understand the integral connection between our firm's values and information security, making your role instrumental in safeguarding our organization's assets and reputation.
Qualifications
- 5+ years in Governance, Risk, and Compliance (GRC) roles
- US citizenship is mandatory
- Familiarity with common cybersecurity controls frameworks (NIST, CMMC, ISO)
- Excellent written and verbal communication skills
- CISSP, CISM, CISA or similar cyber management certification a plus
- CIPP or similar privacy certification a plus
- Experience managing the information security program for cloud environments
- Familiarity helping technical and non-technical teams negotiate and make informed, risk-based decisions, as well as advising contracts, legal, compliance, and facility security teams from a cybersecurity perspective
- Experience writing, refreshing, and integrating policies and procedures
- Experience performing and documenting systemic risk assessments
- Hands-on experience monitoring supply chain risk
Job Skill Group - CSSA
Job Skill Code - SCM - Security Manager I
Function - Technology
Industry - High Tech
Post to LinkedIn - Yes
Posted to LinkedIn Date - Tue Aug 15 00:00:00 GMT 2023
LinkedIn Posting City - Atlanta
LinkedIn Posting State/Province - Georgia
LinkedIn Posting Country - United States
LinkedIn Job Title - Cybersecurity Risk and Compliance Manager
LinkedIn Function - Information Technology
LinkedIn Industry - Information Technology and Services
LinkedIn Seniority Level - Mid-Senior level