What You'll Do
You will act as a security point of contact for McKinsey Transformation/Wave Practice with additional support from the rest of the OFCS organization as and when required.
You will work with a team to develop, communicate, implement and operate the people, process and technology changes needed to reflect the target control state to achieve and maintain a FedRAMP Authorization. You will also oversee the risk management associated with the FedRAMP process, including management and oversight of people, process and technology controls uplift, implementation and POA&Ms.
You will drive with the promotion and adoption of secure development lifecycle, DevSecOps and Cloud security policies, standards and guidelines and contribute to the development and continual improvement of the OFCS strategy. You will provide reporting on security compliance, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will also deliver and represent the priorities of the Practice back to OFCS Leadership.
#LI-MP
Who You'll Work With
You will be based in one of our North America offices.
As a One Firm Cybersecurity (OFCS) Senior Security Manager (Practice Security Lead) for the McKinsey Transformation/Wave Practice you will work directly with Practice leadership, engagement teams and product teams on a range of information security, data protection, and governance, risk and compliance activities, including client assurance, policy compliance, vulnerability management, risk assessments, and incident response. Specifically, this role is required to assist in the development, implementation and support of FedRAMP Ready and FedRAMP Authorized products.
Sitting within the OFCS Client Practice Cybersecurity Area but dedicated to supporting the McKinsey Transformation/Wave Practice FedRAMP initiative full-time, you will be responsible for implementing an information security program that meets both McKinsey policies and standards, as well as the expectations of our clients. This will involve operating and continually improving existing information security processes, as well as the development of new processes in response to evolving threats and business opportunities.
The role of McKinsey Transformation/Wave Practice Security Lead is required in McKinsey's US region supporting the Practice in the US.
Qualifications

• 3+ years of experience in a similar information security role.
• US Citizenship is required for this position
• Technical understanding of a range of enterprise IT and cloud-based architectures and technologies, such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile.
• Expertise defining system boundaries and the applications and security/compliance/infrastructure support services operating therein
• Working knowledge of common security management frameworks and participation in audit/certification for one or more of: FedRAMP, NIST SP800-53, ISO 27001, SOC2
• Experience evaluating logging activities for ingestion into SIEM as part of continuous monitoring plan
• Experience with security technologies and tooling, e.g. vulnerability scanners, firewalls, network monitors, IAM, SIEM, IDS/IPS.
• Knowledge of Privacy and Data Protection regulations, e.g. GDPR, CCPA, HIPAA.
• Knowledge of Secure Software Development Lifecycle and DevSecOps
• BSc/MSc in Information Security, Computer Science or other technical discipline