The primary responsibilities of the Senior Information Security Engineer will be to work with the business to instill data security best practices and technologies where appropriate to meet business directives, and to work generally within the Information Security team to ensure that best practices for security engineering and secure technical architectures are in place throughout Bain globally. This position is focused on building new capabilities across Bain and across a variety of services and platforms. Overall, this role will be an important part of driving continuous improvement to Bain & Company’s security posture and capabilities that can better protect the integrity of the firm and its clients.
The Engineer will also work directly with other members of the Security team to develop and provide security and best practices expertise, and will work with other technical and non-technical teams to leverage that expertise in secure design and implementation of new systems and services. The Senior Information Security Engineer will also provide security guidance and best practices related to new technologies and policy development.
- Protect the business with oversight and guidance for new initiatives based on defined frameworks and new capabilities, applying information security standards and best practices in foundational areas, such as Identity Management, Business Continuity, and Security Operations, as well as new areas such as digital growth and innovation.
- Identify and track developments and changes in the digital business and threat environments to ensure that they are adequately addressed.
- Work to build and enhance existing encryption and data protection standards in conjunction with Bain’s Records Management, Legal, and Risk organizations.
- Liaise with software development teams and architects to review and support the implementation of secure practices and recommend enhancements as needed.
- Act as a bridge between the Risk and Compliance teams and the Security Operations teams to ensure standards are communicated effectively and met across the organization.
- Be a trusted resource to assist in the Vendor Management process with potential third parties to Bain and provide assessment expertise and guidance as to the vendor’s ability to securely handle Bain intellectual property (IP) and client data.
Successful candidates will have knowledge and experience in the overall field of information security with significant time spent solely in a security function within an organization. CISSP, GIAC or other certifications are preferred as well as experience in environments with standards-based security certifications or attestations (ISO 27001/2, NIST, etc.). The candidate should display complex problem-solving skills and an ability to lead groups of people towards a common direction and engage with others to facilitate resolutions. The ability to drive consensus amongst peers and to generate the insights necessary to facilitate new process or technology change will also be important.
- Bachelor’s degree with demonstrated interest in technology, technology issues and analysis.
- Industry-accepted security certifications (GIAC, CISSP, etc.) preferred
- 3-5 years minimum experience in a primary role as an information security expert
- Understanding of Information Security technologies (Firewall, IPS, IDS, SIEM, etc.)
- Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, PCI-DSS, ITAR, NIST)
- Proven project management skills and experience leading cross-functional efforts
- Ability to work in a fast-paced, dynamic environment.
- Attention to detail and priority/time management.
- Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
- High performance and standards as demonstrated by academic or previous job experience