What You'll Do
In this role, you will design and implement security systems to protect company assets, focusing on compliance with US Government security requirements. You will develop and enforce security policies, procedures, and standards in accordance with federal regulations and guidelines. Conducting regular security assessments and audits to identify potential vulnerabilities and ensure compliance with NIST, CMMC, and other federal standards will be a key responsibility. You will collaborate with IT and business units to integrate security into all phases of projects and operations. Managing and enhancing the organization's DevSecOps processes to ensure security is integrated throughout the software development lifecycle will be essential. You will oversee the implementation and management of security protocols within Azure Government Community Cloud (GCC) High environments, ensuring compliance with federal requirements. Additionally, you will provide security risk assessments of AI and Generative AI (GENAI) capabilities, identifying potential risks and recommending mitigation strategies. Staying updated on the latest security trends, technologies, and federal regulations will be necessary to ensure the company’s security measures are current and effective. Furthermore, you will provide guidance and training to employees on security best practices, specifically those relevant to federal contracts, and work with third-party vendors to ensure their security posture aligns with US Government requirements.
YOU'RE GOOD AT
The IT Security Architect is good at:
- Determining security requirements by evaluating business strategies and requirements, implementing information security standards, conducting system security and vulnerability analyses and risk assessments, recommending secure architecture aligned to business architecture, and identifying/driving remediation of integration issues.
- Researching and analyzing emerging technologies, designing, and advocating new technologies, architectures, and security products in collaboration with system and service owners.
- Providing knowledge of SDLC/application architecture as well as methodologies for the software and model development life cycle.
- Managing end to end delivery of projects with hands on involvement in the development and configuration of products.
- Maintaining security by ensuring compliance to standards, policies, and procedures
- Self-managing progress and status of tasks and deliverables on projects and escalating issues and risks timely.
- Interacting with stakeholders and possessing the ability to influence direction, articulate risks and sell secure solutions/roadmaps.
- Completing market assessments on vendor products, packages, and services; guiding tests and implementation of products solving enterprise information security requirements.
- Suggesting and implementing alternative security mitigations/compensating controls to allow for business to continue while protecting BCG's assets.
- Guiding the configuration, implementation, monitoring, and support for security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures.
- Understanding, as the subject matter expert of best practices and change management policies using Infrastructure-as-Code and CI/CD tools for all aspects of ML model deployment and service delivery.
- Updating job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Excellent communication (written and oral) and leadership skills
You Bring (experience & Qualifications)
- Preferred certification in one or more Information Security relevant areas such as, Security Professional (CISSP), Cloud Security (CCSP, CCSK)
- Minimum of 8 years of information security experience, with a strong background in cloud native infrastructure, network security, security applications and technologies.
- Subject matter expert in security practices that include the full administration of security control systems, vulnerability identification and mitigation, best practices for securing/hardening, and risk analysis.
- Knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response.
- In-depth experience of vulnerabilities, intrusion detection systems, firewall management, network vulnerability analysis, cryptographic theory and practice, incident analysis and response, software testing and security assessment, malicious code and software exploitation techniques, continuous monitoring and event logging, cyber-crimes, computer forensics analysis and computer crime investigation.
- In-depth knowledge of security frameworks and standards, including NIST SP 800-171, NIST SP 800-53, CMMC, and other relevant federal guidelines.
- Experience with cloud security, including AWS, Azure, or Google Cloud Platform, with specific expertise in Azure Government Community Cloud (GCC) High environments.
YOU'LL WORK WITH
You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture. You will be a part of a team of professionals in support of internal IT and business professionals, and consultants delivering business and management strategy to our clients. You will work with application developers and data analysts providing tools and support for our consultants. You will be an integral part of the BCG Information Security Risk Management team in delivering the security program for Gamma and all of BCG.