* Bachelor's degree in business administration or technology related field
* At least 2 years' experience in IT, risk management or information security (professional services security or IT audit experience preferred)
* Experience with cloud offerings such as AWS, Azure, or GCP
* Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
* Knowledge of common information security management frameworks and past participation in both initial certification and renewal of one or more of: HITRUST, ISO/IEC 27001, SOC 2/SSAE 16, PCI DSS is desired
* Outstanding communication, problem solving, and client service skills
Who You'll Work With
Our team consists of skilled architects, security engineers, and information security analysts with exceptional problem-solving skills and a solid understanding of current IT architecture and cloud hosting technologies.
You will work closely with internal and external functions to ensure compliance with the firm's data privacy regulations and collaborate with teams to help them think about data risks like storage of sensitive or identified client data, data encryption procedures, and/or data removal processes.
Partnering with our Engineering teams, you will help facilitate systems design and architecture standards that support a standardized secure approach to systems, application, and network development in order to monitor, log, and protect systems from unauthorized access.
What You'll Do
As a Senior Information Security Analyst, you will work as part of a collaborative team and lead the overall management of the security and confidentiality of complex client service team data and information.
You will support a wide array of security audits ranging from SOC 2 Type 1 and 2, ISO 27001, and HITRUST and review, optimize and maintain a secure SaaS offering. In this role, you will be expected to oversee compliance with applicable laws and regulations and provide regular reporting on the status of the information security program to the executive leadership team.
An integral part of this position is creating a framework for roles and responsibilities regarding information ownership, classification, accountability and protection of data. Overseeing the dissemination of security policies and practices as well as managing InfoSec privacy awareness.
McKinsey & Company is an equal opportunity employer.
McKinsey and Company is a management consulting firm serving commercial, government, and not-for-profit organizations.