The Job logo

What

Where

Global Risk Senior Director - Cyber Security Threat Emulation & Attack-surface Modeling

ApplyJoin for More Updates

You must Sign In before continuing to the company website to apply.

Smart SummaryPowered by Roshi
The Cyber Security Threat Emulation & Attack-Surface Modeling (C-STEAM) Senior Director is responsible for driving thought leadership, providing actionable reporting on security health, and enhancing readiness for cyber security attack. They will drive measurement and reporting of cybersecurity hygiene health, attract and retain a high-performing team of cybersecurity engineers, and mature security control hygiene.

WHAT YOU'LL DO
The Cyber Security Threat Emulation & Attack-Surface Modeling (C-STEAM) Senior Director is responsible for driving thought leadership across IT product teams, DevSecOps practitioners, and technology product owners, providing actionable reporting on the security health of BCG’s technology assets and driving adversary simulation campaigns that enhance BCG’s readiness for a cyber security attack. This role reports the Chief Information Security Officer, interfaces closely with and influences first-line-of-defense technical product owners, portfolio leaders, security engineers, and software developers. This leader shines when the pressure is high, acting as a trusted advisor to the Chief Information Security Officer, Chief Architect, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer.

The C-STEAM Senior Director will drive the scalable measurement and reporting of cybersecurity hygiene health across BCG’s global attack surface, including vulnerability management, red & purple teaming, application security, and configuration management. They will attract, grow, inspire, and retain a diverse, high-performing team of cybersecurity engineers and engineering leaders.
 

YOU'RE GOOD AT

  • Leading teams through change, ambiguous situations, and competing priorities.
  • Understanding the business, strategy, and marries strategy to relevant information security requirements, discerning between outputs and outcomes and bringing data-driven stories to key stakeholders.
  • Co-leading purple team activities with first-responders, improving cyber defense through effective emulation of adversary tactics and knowledge sharing.
  • Driving adoption of effective controls and architecture patterns required for BCG to effectively defend against attackers with varied skillets and motivations.
  • Influencing peers and product teams to mature and promote industry-leading security control hygiene across the overall technology landscape.
  • Sharing best practices in information security between the business units and the rest of the enterprise.
  • Enriching risk management conversations with industry knowledge and actionable architecture analysis. Consulting with architects and product owners on likely threat scenarios and effective mitigation strategies.
  • Strategically balancing team skillset with vendor capabilities to provide comprehensive, ever-maturing capabilities for solution architecture, technology stack performance.


 

YOU BRING (EXPERIENCE & QUALIFICATIONS)
 

  • Bachelor’s degree (or equivalent).
  • Minimum of 12 years of information security risk management experience, with a strong background in enterprise architecture, secure software development practices, cloud & infrastructure security, security applications and technologies.
  • Subject matter expert in cyber security practices that include the configuration and architecture of security tools and products (e.g. endpoint detection & response, network and application firewalls, cloud security posture management, attack surface vulnerability scanning, etc.), service-oriented architecture, machine learning and artificial intelligence, common attacker tools, techniques, and practices (e.g. Burp Suite, Cobalt Strike, fuzzers, metasploit, etc.) and the defender strategies needed to successfully protect BCG.
  • Expert knowledge with cumulative hands on experience across a vast array of technology platforms.
  • Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
  • Executive presence, ability to influence senior IT and Global Risk leaders.
  • Knowledge of cyber security landscape in modern digital technologies, particularly in cloud Security, in technological, business and operational aspects.
  • Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and nnon-technical business audience to aid them in making informed risk decisions.
  • Experience leading a global, cross-functional team.
  • Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands.
Set alert for similar jobsGlobal Risk Senior Director - Cyber Security Threat Emulation & Attack-surface Modeling role in New Delhi, India
Boston Consulting Group (BCG) Logo

Company

Boston Consulting Group (BCG)

Job Posted

a year ago

Job Type

Full-time

WorkMode

On-site

Experience Level

8-12 Years

Category

Cyber Security

Locations

New Delhi, Delhi, India

Qualification

Bachelor

Applicants

Be an early applicant

Related Jobs

Boston Consulting Group (BCG) Logo

Threat Hunter - Cyber Security Senior Manager

Boston Consulting Group (BCG)

New Delhi, Delhi, India

Posted: 9 months ago

As a Threat Hunter and Cyber Security Senior Manager at Boston Consulting Group (BCG), you will play a key role in proactively identifying and mitigating cybersecurity threats. This position requires conducting advanced threat hunting exercises, analysing threat data, investigating security incidents, and collaborating with various teams to enhance the organization's security posture. It involves working closely with BCG's SIEM and MSSP, interacting with stakeholders, and providing expert guidance during security incidents. This full-time, on-site role in New Delhi, India, requires a Bachelor's degree in Computer Science or related field and a minimum of 10 years of information security experience.