WHAT YOU'LL DO
The Cyber Security Threat Emulation & Attack-Surface Modeling (C-STEAM) Senior Director is responsible for driving thought leadership across IT product teams, DevSecOps practitioners, and technology product owners, providing actionable reporting on the security health of BCG’s technology assets and driving adversary simulation campaigns that enhance BCG’s readiness for a cyber security attack. This role reports the Chief Information Security Officer, interfaces closely with and influences first-line-of-defense technical product owners, portfolio leaders, security engineers, and software developers. This leader shines when the pressure is high, acting as a trusted advisor to the Chief Information Security Officer, Chief Architect, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer.

The C-STEAM Senior Director will drive the scalable measurement and reporting of cybersecurity hygiene health across BCG’s global attack surface, including vulnerability management, red & purple teaming, application security, and configuration management. They will attract, grow, inspire, and retain a diverse, high-performing team of cybersecurity engineers and engineering leaders.
 

YOU'RE GOOD AT

• Leading teams through change, ambiguous situations, and competing priorities.
• Understanding the business, strategy, and marries strategy to relevant information security requirements, discerning between outputs and outcomes and bringing data-driven stories to key stakeholders.
• Co-leading purple team activities with first-responders, improving cyber defense through effective emulation of adversary tactics and knowledge sharing.
• Driving adoption of effective controls and architecture patterns required for BCG to effectively defend against attackers with varied skillets and motivations.
• Influencing peers and product teams to mature and promote industry-leading security control hygiene across the overall technology landscape.
• Sharing best practices in information security between the business units and the rest of the enterprise.
• Enriching risk management conversations with industry knowledge and actionable architecture analysis. Consulting with architects and product owners on likely threat scenarios and effective mitigation strategies.
• Strategically balancing team skillset with vendor capabilities to provide comprehensive, ever-maturing capabilities for solution architecture, technology stack performance.

YOU BRING (EXPERIENCE & QUALIFICATIONS)
 

• Bachelor’s degree (or equivalent).
• Minimum of 12 years of information security risk management experience, with a strong background in enterprise architecture, secure software development practices, cloud & infrastructure security, security applications and technologies.
• Subject matter expert in cyber security practices that include the configuration and architecture of security tools and products (e.g. endpoint detection & response, network and application firewalls, cloud security posture management, attack surface vulnerability scanning, etc.), service-oriented architecture, machine learning and artificial intelligence, common attacker tools, techniques, and practices (e.g. Burp Suite, Cobalt Strike, fuzzers, metasploit, etc.) and the defender strategies needed to successfully protect BCG.
• Expert knowledge with cumulative hands on experience across a vast array of technology platforms.
• Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
• Executive presence, ability to influence senior IT and Global Risk leaders.
• Knowledge of cyber security landscape in modern digital technologies, particularly in cloud Security, in technological, business and operational aspects.
• Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and nnon-technical business audience to aid them in making informed risk decisions.
• Experience leading a global, cross-functional team.
• Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands.