The Boston Consulting Group (BCG)
Posted 10 months ago
Full-time
Boston, MA
Professional, Scientific, and Technical Services

About the position

The right candidate is responsible for managing security compliance for BCG's software and data offerings in alignment with AICPA's SOC 1 and SOC 2 framework and ISO 27001 standards. This role requires a deep understanding of fundamental security compliance frameworks and the ability to navigate security and compliance audit processes effectively. The candidate must be a proactive team player, capable of communicating complex information clearly to guide solutions and foster collaboration within the team. Strong customer service skills are essential for developing positive relationships with internal stakeholders, ensuring their needs are met while maintaining compliance standards. The successful candidate will possess excellent interpersonal and communication skills, both written and oral, which are crucial for partnering with team members and stakeholders across the business. This collaboration will focus on identifying compliance gaps, issues, and risks, and working together to address them. The role involves working closely with auditors, managing audit request lists, and taking ownership of gathering security audit evidence. The candidate will coordinate audits and conduct reviews of deliverables to verify compliance with internal policies and industry best practices, ensuring thoroughness and attention to detail in all audit and compliance requests. Additionally, the candidate will be responsible for ensuring clear and expedient escalations with informed recommendations to management. They will work as part of a team to achieve common goals in a dynamic setting, identifying and leveraging lessons learned and best practices from audits to foster a culture of continuous improvement within BCG. A broad working knowledge in key areas of security compliance frameworks, including SOC 1, SOC 2, HITRUST, and ISO 27001, is essential for success in this role.

Responsibilities

  • Manage security compliance for BCG's software and data offerings in alignment with AICPA's SOC 1 and SOC 2 framework and ISO 27001 standards.
  • Demonstrate understanding of fundamental security compliance frameworks and audit processes.
  • Collaborate with team members and internal stakeholders to guide solutions and develop positive relationships.
  • Identify compliance gaps, issues, and risks through effective communication and teamwork.
  • Work with auditors, manage audit request lists, and gather security audit evidence.
  • Coordinate audits and conduct reviews of deliverables to verify compliance with internal policies and industry best practices.
  • Ensure completeness of audit and compliance requests with a thorough eye for detail.
  • Provide clear and expedient escalations with informed recommendations to management.
  • Foster a culture of continuous improvement by leveraging lessons learned and best practices from audits.

Requirements

  • Minimum of 3 years' experience working with security compliance audits.
  • A bachelor's degree at minimum, in any discipline; degrees in computer science, cyber security, risk, or technology preferred.
  • Fluent in English (verbal and written).
  • Strong communication skills, both written and oral.
  • Ability to work successfully within a cohesive and matrixed team environment.
  • Strong work management skills and work ethic.

Nice-to-haves

  • Flexibility in scheduling to accommodate geographical requirements and time zones of stakeholders and team members.
  • Superior interpersonal skills that project confidence and trust.