Bain & Company is one of the world's leading global business consulting firms, serving clients across six continents. Bain was founded in 1973 on the principle that consultants must measure their success in terms of their clients' financial results, and its clients have outperformed the stock market 4 to 1. With offices in most major international cities, Bain has worked with over 4,150 major multinational and other corporations from every economic sector, in every region of the world.
Bain's Information Security team is a global team of cybersecurity professionals who are working to protect Bain's and our clients' critical information assets. Our mission is to assess risks to critical areas and any cyber threats in order to provide continuous guidance and improved information security standards to all facets of Bain's business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (C-I-A Principles) of our work for our clients.
The primary responsibilities of the Information Security Risk and Compliance Analyst will be to work within the Global Information Security Team as a specialist to perform some or all of the following duties as appropriate:
* Review technologies and solutions based on a risk assessment methodology in order to identify threats, risks and vulnerabilities that may have an adverse impact on Bain & Company information systems and confidential data.
* Document risks, determine if control objectives meet relevant success criteria and identify risk mitigation activities.
* Perform effective and efficient reviews of key security controls and communicate analysis of the effectiveness of these controls as required.
* Facilitate data and system inventories; review associated risks, and appropriately track these risks/issues in relevant platforms.
* Support efforts in our third party risk assessments of our critical vendors and partners globally.
* Coordinate with data protection teams to facilitate impact analyses or risk assessments and document appropriately.
* Perform contract reviews (working directly with Legal teams globally) to ensure that our clients' information security requirements are in alignment with our established standards and frameworks.
* Demonstrate a knowledge of information security and provide guidance to other TSG members across Bain & Company offices worldwide.
* Assist other team members in various projects as needed.
Candidates should have one or more of the following areas of expertise:
* Strong knowledge in information security standards and principles.
* Basic knowledge in the overall field of IT system administration, infrastructure and networking technologies, and information security best practices.
* Ability to identify risks based on documented frameworks of technical and data security controls and communicate those risks appropriately.
The candidate should also possess excellent collaborative, communication and problem-solving skills and an ability to work with other individuals across various Bain functions to communicate complex problems or deficiencies as needed.
This role will have an impact in providing greater security and risk awareness globally through interaction with other TSG teams, local helpdesks and with other departments in implementing high standards of security and functionality throughout the organization.
* Bachelor's degree or equivalent with demonstrated interest in technology, technology issues and analysis.
* 1-3 years' minimum experience in a security role or related audit or technical function.
* Basic understanding of security or relevant technologies (Firewall, IPS, IDS, SIEM, and ACL).
* Proven project management skills.
* Ability to work in a fast-paced, dynamic environment.
* Attention to detail and priority/time management.
* Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
* High performance and standards as demonstrated by academic or previous job experience.
Preferred, but not required:
* Industry-accepted security certifications (CISSP, GIAC, CISA, etc.) are not required, but are a plus.
* Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, GDPR, COBIT, PCI, NIST, SSAE-16/18 standards).