This role will have an impact in providing greater security and risk awareness globally through interaction with other TSG teams, local helpdesks and with other departments in implementing high standards of security and functionality throughout the organization.
The primary responsibilities of the Information Security Risk and Compliance Analyst will be to work within the Global Information Security team as a generalist to perform some or all of the following duties as appropriate:
- Review technologies and solutions based on a risk assessment methodology in order to identify threats, risks and vulnerabilities that may have an adverse impact to Bain & Company information systems and confidential data.
- Document risks, determine if control objectives meet relevant success criteria and identify risk mitigation activities.
- Perform effective and efficient reviews of key security controls and communicate analysis of the effectiveness of these controls as required.
- Facilitate data and system inventories, review associated risks, and appropriately track these risks/issues in relevant platforms.
- Support efforts in our third-party risk assessments of our critical vendors and partners globally.
- Liaise with data protection teams to facilitate impact analyses or risk assessments and appropriately document any privacy-related data and systems to meet a growing number of privacy regulations.
- Provide support for the Legal team during contract reviews related to information security requirements to ensure alignment with our established information security and governance standards and frameworks.
- Demonstrate a knowledge of information security and provide guidance to other TSG members across Bain & Company offices worldwide.
- Assist in policy and standards development as appropriate to better govern our Information Security Program.
- Assist other team members in various projects as needed.
Successful candidates will have:
- Strong knowledge in information security standards and frameworks, most notably the NIST 800-53 or ISO 27001/2 set of controls and risk assessment methods (or equivalent standard).
- Basic knowledge in the overall field of IT system administration, infrastructure and networking technologies, and information security best practices.
- The skills to identify risks both quantitatively and qualitatively in various areas of technical and data security and communicate those risks appropriately and effectively to other areas of IT and the business as necessary.
The candidate should also possess excellent collaborative, communication and problem-solving skills and an ability to work with other individuals across various Bain functions to communicate complex problems or deficiencies as needed.
- Bachelor’s degree or equivalent with demonstrated interest in technology, technology issues and analysis.
- Industry-accepted security certifications (CISSP, GIAC, CISA, etc.) are not required, but are a plus.
- 1-3 years’ experience in a security role or relatable audit or technical function.
- Basic understanding of network-based security technologies (Firewall, IPS, IDS, SIEM, and ACL).
- Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, GDPR, COBIT, PCI, NIST, SSAE-16/18 standards).
- Proven project management skills.
- Ability to work in a fast-paced, dynamic environment.
- Attention to detail and priority/time management.
- Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
- High performance and standards as demonstrated by academic or previous job experience.
- Experience in OneTrust or similar Risk Management platforms.