Security Manager - IT Audit

Sorry, this job was removed at 6:11 a.m. (CST) on Thursday, October 27, 2022


What You'll Do
You will help to develop, implement, monitor, oversee, and manage the lifecycles of audits toward external certifications against recognized cybersecurity frameworks, strategically building a program for external certifications.
In this role, you will apply extensive knowledge and experience of information, cybersecurity, and technology risk concepts to skillfully interpret needs and drive evaluation of compliance risk facing the company. You will be able to strategically lead McKinsey's cyber certifications program leveraging key standards frameworks such as SOC 2, ISO 27001, HIPAA, FedRAMP, NIST CSF, and/or PCI DSS. You will be responsible for appropriately supporting the execution of the strategy of the Certifications team.
You will also review evidence for assessment controls, evaluate their operational effectiveness, and provide feedback to assessors/reviewers. You will work with teams to develop security deficiency and weakness remediation/mitigation plans.
You will engage in overseeing assessment of IT processes, risk, controls and compliance against leading practice, industry, or client frameworks. You will assess capability maturity, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client senior management. You will build and practice assessing, designing and implementing new IT risk and control frameworks, sustainable solutions (including applying knowledge of governance, risk and compliance tools), operating processes and people models to address key and evolving risks.
Furthermore, you will be instrumental in leading, assisting, training, and mentoring members of the certifications team.
Who You'll Work With
You will be based in either Waltham, MA, New York City, Chicago, Washington-DC, Toronto, Costa Rica, or Atlanta, GA and will be a core member of the Standards, Certifications & Lifecycle Governance team globally distributed across Prague, Costa Rica, New York, Waltham, and San Francisco.
You will interact with IT Operations, Application Development, and Business Units on information security compliance matters to review evidence for assessment controls, evaluate their operational effectiveness, and provide feedback to assessors/reviewers.
You will work with the team in the capacity of risk and security assurance for our digital solutions and platforms, both in the U.S. and abroad.
Qualifications

  • Bachelor's degree in an appropriate field from an accredited college/university required; advanced degree preferred
  • 6+ years of experience in the field of Cyber Security and Information Risk Management; 10+ years desirable
  • Experience with components of multiple compliance frameworks such as SOC 2, ISO 27001, HIPAA, FedRAMP, NIST CSF, NIST 800-53, NIST 800-171, and/or PCI DSS, etc.
  • Significant experience leading internal or external security audits and assessments
  • Hands-on experience as an auditor or audit manager
  • Capability to identify similarities and differences between frameworks, extrapolate requirements to new regulations and standards, and evaluate current controls against target performance objectives.
  • Deep experience leveraging IRM systems and UCF to drive compliance a plus
  • Highly effective written and oral communication skills with the ability to articulate security gaps, opportunities for improvement, and recommendations for corrective action initiatives
  • Strong leadership and management experience, with the ability to work remotely with team members when conditions are not conducive to travel to McKinsey offices.
  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.
  • Preferred Cybersecurity Certifications: CISA, CISM, CISSP