Job Details

Senior Security Risk & Compliance Analyst – Solution Technology

East Chicago, IN

Job ID:

4201456002

Job Description

You will work within our Information Security teams which is part of McKinsey’s Solution Technology practice.

This group fosters innovation driven by analytics, design thinking, mobile and social by developing new products/services and integrating them into our client work. It is helping to shift our model toward asset-based consulting and is a foundation for the firm's entrepreneurial culture.

Working directly with the CISO and key stakeholders, you will create security risk management processes and documentation to support security risk and compliance processes.

This will include drafting and maintaining risk register, creating policy and documentation, creating dashboards and reports, conducting security risk assessments and creating security communications and awareness materials.  Additionally, you will help introduce automation and reshape our security management and controls approach to operate effectively in a cloud/devops environment.

You will work to develop and improve on existing security management and compliance related processes, controls and documentation.  Additionally, you will help establish processes and conduct activities that support the firm information security management system, identifying, documenting and defining controls to reduce cyber security related risks. 

You'll also have the opportunity to draft security policies and standards, create reports and other documentation in support of security risk management activities.

  • 2+ years of experience working in a dedicated security risk management capacity
  • 2+ years of experience in an enterprise setting, performing assessments, audits and/or compliance and privacy related work
  • Working knowledge of security frameworks such as NIST, ISO 27001/2, Cloud Security Alliance CCM, FedRamp.
  • Working knowledge of cyber/information security risk management practices
  • Ability to create information security management system (ISMS) processes and artifacts for tracking and scoring security risk
  • Effective written and verbal communication skills.
  • Familiarity with assessing risks associated with cloud environments
  • Familiarity with agile and devops practices
  • Working knowledge of security policy and process documentation
  • Ability to work independently and plan/structure work activities and deadlines.
  • Experience creating workflows and basic automation for security governance and compliance/audit-related tasks and activities
  • Preferred experience with Jira
  • Confluence/wiki pages
  • Experience with ticketing systems and workflow
  • GRC software experience preferred
  • Preferred certifications: CISA, CISM, CISSP

Similar Jobs