This role contributes to greater security and risk awareness globally through interaction with other TSG teams, local helpdesks and other departments, helping to implement high standards of security and functionality throughout the organization.
Bain’s Information Security team is a global team of cybersecurity professionals working to protect Bain’s and our clients’ critical information assets. Our mission is to assess risks to critical areas and any cyber threats in order to provide continuous guidance and improved information security standards to all facets of Bain’s business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (C-I-A principles) of our work for our clients.
The primary responsibilities of the Information Security Risk and Compliance Analyst will be to work within the Global Information Security team as a generalist to perform some or all of the following duties as appropriate:
- Review technologies and solutions based on a risk assessment methodology in order to identify threats, risks and vulnerabilities that may have an adverse impact on Bain & Company information systems and confidential data.
- Document risks, determine if control objectives meet relevant success criteria and identify risk mitigation activities.
- Perform effective and efficient reviews of key security controls and communicate analysis of the effectiveness of these controls as required.
- Facilitate data and system inventories, review associated risks, and appropriately track these risks/issues in relevant platforms.
- Support efforts in our third party risk assessments of our critical vendors and partners globally.
- Liaise with data protection teams to facilitate impact analyses or risk assessments and appropriately document any privacy-related data and systems to meet a growing number of privacy regulations.
- Provide support for the Legal team during contract reviews related to information security requirements to ensure alignment with our established information security and governance standards and frameworks.
- Demonstrate a knowledge of information security and provide guidance to other TSG members across Bain & Company offices worldwide.
- Assist in policy and standards development as appropriate to better govern our Information Security Program.
- Assist other team members in various projects as needed.
Candidates should have one or more of the following areas of expertise:
- Strong knowledge of information security standards and principles.
- Basic knowledge in the overall field of IT system administration, infrastructure and networking technologies, and information security best practices.
- The skills to identify risks both quantitatively and qualitatively in various areas of technical and data security, and to communicate those risks appropriately and effectively to other areas of IT and the business as necessary.
The candidate should also possess excellent collaborative, communication and problem-solving skills and an ability to work with other individuals across various Bain functions to communicate complex problems or deficiencies as needed.
- Bachelor’s degree or equivalent with demonstrated interest in technology, technology issues and analysis.
- 1-3 years’ experience in a security role or a related audit or technical function.
- Basic understanding of security or relevant technologies (Firewall, IPS, IDS, SIEM, and ACL).
- Proven project management skills.
- Ability to work in a fast-paced, dynamic environment.
- Attention to detail and priority/time management.
- Strong customer service, analytical, communication (oral and written) and troubleshooting/problem-solving skills.
- High performance and standards as demonstrated by academic or previous job experience.
Preferred, but not required:
- Experience in OneTrust or other similar Risk Management platforms.
- Industry accepted security certifications (CISSP, GIAC, CISA, etc.) are not required, but are a plus.
- Deep knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, GDPR, COBIT, PCI, NIST, SSAE-16/18 standards).