* Bachelor's degree required; relevant advanced degrees welcomed
* Some legal training or a legal degree is strongly preferred
* An understanding of the types of rules, regulations, and restrictions that apply to data and its use, such as data privacy laws, contractual limitations, and regulatory requirements
* Experience translating rules and requirements into processes and advice that can be implemented
* Experience in implementing or understanding of privacy and compliance programs, including how technical tools and restrictions, processes and protocols, and user training can be combined to accomplish specific goals
* An understanding of technical systems in enough detail to appreciate the way technical systems can be used and adapted to manage data
* Experience conducting assessments, such as data privacy impact assessments or policy gap assessments
* Extensive experience setting strategy, providing clear direction, and managing the project to successful completion
* Excellent integrative problem-solving skills, e.g., dealing constructively with problems that do not have clear outcomes
* Excellent written and verbal communications, e.g., positioning views appropriately to win support
* Self-starter and highly motivated, with a desire to grow and learn in the fields of data risk, data management, and data strategy
Who You'll Work With
You'll join us in Waltham, MA as a core member of the cyber risk team.
We are responsible for governance, awareness, and assurance of cyber and data related risks. We collaborate with many teams, including technology and digital, risk, legal, data privacy, learning, and the cyber practice.
Please note that while data privacy experience is relevant, this position will need to focus on all types of data not specifically personal data.
What You'll Do
As a Data Risk Expert, you will work hand in hand with our legal team to understand the regulatory, contractual, and policy limitations and requirements related to data management.
You will also be expected to stay aware of trends in the area of data management (e.g., emerging regulations, media attention on particular data use topics, etc.). You will also work closely with our technology functions to understand the systems that we use and the processes that we employ to protect data.
In your role, you will be analyzing and synthesizing where our systems and processes support our data management needs and where they fall short. You will also work closely with the broader cyber risk team to develop proposals for how to continually improve our data risk posture, including through the adoption and development of new tools, processes, and training.
You will interview people across our firm as well as outside on best practices, standards, and systems. You will develop an understanding of what alternative tools are available to us and develop hypotheses on how they might be used.
Additionally, you will lead in the resolution of complex data risk problems for cells and internal firm functions. Through this work you will get exposure to and involvement with multiple aspects of data risk management, culture transformation, and stakeholder management. You will be called upon to help colleagues answer questions about data risk on client studies, firm systems, and upcoming innovations, and support and mentor team members to grow their professional skills.
McKinsey & Company is an equal opportunity employer.
McKinsey & Company provides management consulting services to businesses, governments, non-governmental organizations, and not-for-profits.