Job Details

ID #45568322
State Georgia
City Atlanta
Full-time
Salary USD TBD TBD
Source Georgia Employer
Showed 2022-09-09
Date 2022-09-10
Deadline 2022-11-08
Category Et cetera

IT Security Controls Certification Senior Manager

Georgia, Atlanta, 30301 Atlanta USA

Vacancy expired!

WHAT YOU'LL DO

As the IT Security Controls Certification Manager you will act as a "cyber certification officer" of the Company under the supervision of the Information Security Strategy and Governance function. You will plan, lead and manage evidence of the information security control requirements of ISO 27000 series/NIST 800-53, and oversee other certification programs as well. You will work with audit teams and third parties to ensure compliance with certification mandates and will consistently work with the Information Security Risk Management team to align controls to the certifications desired by BCG's business teams. This will include conducting certification reviews, recommending compliance solutions, and monitoring the implementation of certification and compliance changes. Additionally, the Information Security Certification Manager will coordinate and deliver training for control owners on their responsibilities and certification-specific expectations.

YOU'RE GOOD AT

Information Security Certification Management
- Maintaining certification requirements and aligning ongoing risk, controls, and IT governance evidence to those standards
- Maintaining Controls Environment Documentation including control matrices, narratives, and process flows

Certification Technology Experience
- Collaborating with technology groups or vendors at all levels to design, standardize, and implement compliance software.
- Experience with Coalfire, a plus

Cross Company Collaboration
- Partnering with risk, security architecture, and secure supplier teams to manage certification requirements

Managing External Talent
- Supervising vendors involved in certification program support or certification processes

Documentation and Attention to Detail
- Maintaining certification compliance documentation including process models, integration mapping, and team RACIs

Controls Design and Development
- Collaborating with technology groups or vendors at all levels to design, standardize, and implement information systems controls which mitigate or prevent material loss influenced by ISO 27000 series standards, NIST 800-53 or similar control framework domain.

Certification Process Management and Design
- Drive Process Improvement through streamlining processes, leading process change and directing implementation of automated internal controls.

Risk Management, Issues Tracking & Remediation Coordination
- Risk Mitigation and Controls Remediation Programming through identification of security related risks, maintenance and monitoring and facilitation of remediation activities

YOU BRING (EXPERIENCE & QUALIFICATIONS)

Education & Certifications
- Baccalaureate degree in management information systems or computer science or similar (master's degree a plus).
- Maintenance of technical competence in current auditing practices, compliance policies and government regulations - CISSP, CISA, CISM, a plus

Work & Industry Experience
- 8+ years as an information systems auditor or 8+ years working through an IT controls and compliance function
- Big-4 Information Security Compliance consulting and project management, a plus.
- Professional Services company exposure through audit or direct employment, a plus.
- Working in a non-regulated sector and designing minimum viable controls for cybersecurity
- Terms like HIPAA, CyberEssentials, GDPR sound familiar to you

ISO Program Experience
- Direct ISO 27000 series experience including collection of evidence and

For full info follow application link.

The Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, protected veteran status, or any other characteristic protected under federal, state or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
