Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation: inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures, and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
The Director of Cyber Enterprise Risk Management will play a critical role in managing cyber-related risks across BCG’s global operations. Reporting to senior leadership within Information Security Risk Management (ISRM), this role will help develop, evolve, and implement governance practices that integrate cyber risk into the broader enterprise risk management (ERM) framework. The successful candidate will enable effective risk awareness, cross-functional collaboration, and decision-making on key cyber risk issues.
Key Responsibilities:
Cyber Risk Governance Implementation: Contribute to the development and implementation of governance practices that integrate cyber risks into enterprise risk management. Align risk efforts with BCG's business goals and support risk mitigation strategies in accordance with defined risk tolerances.
Stakeholder Engagement: Collaborate with internal teams, including IT, legal, compliance, and enterprise risk, to provide insights into emerging cyber risks and support integrated risk assessments.
Enterprise Risk Coordination: Work with risk and compliance teams to validate that cyber risks are factored into broader risk reviews, and that cyber-related controls align with the company's risk appetite and business objectives.
Cyber Risk Metrics & Reporting: Support the development and evolution of key performance indicators (KPIs) and reporting dashboards that communicate risk posture and trends to leadership. Help prepare materials for executive and risk committee briefings.
Risk Tolerance & Policy Alignment: Assist in defining and communicating cyber risk tolerance levels. Ensure policies and procedures align with the organization's enterprise risk posture.
Continuous Improvement and Adaptability: Take a proactive approach to improving cyber risk management processes, incorporating industry best practices, and adapting to the changing threat landscape.
You're Good At
Cross-functional Collaboration: Experience collaborating with multidisciplinary teams to implement or enhance cyber risk and governance processes.
Cyber and Risk Frameworks: Working knowledge of cyber and enterprise risk frameworks such as NIST CSF, ISO 27001/27002, COSO, and COBIT, and experience integrating them into business operations.
Communication & Influence: Effective communication skills, with the ability to convey cyber risk issues in a clear and business-relevant manner to both technical and non-technical stakeholders.
Analytical Thinking: Ability to develop and analyze complex risk scenarios and produce clear, actionable responses within a fast-paced business environment.
What You'll Bring
Bachelor's degree (or equivalent); advanced degree in a relevant field (e.g., Information Security, Risk, or Business) preferred.
10+ years of experience in cybersecurity, risk management, or a related discipline.
Solid understanding of legal and regulatory considerations related to cybersecurity and data privacy in a global context.
Familiarity with modern IT environments, including cloud, third-party services, and digital platforms.
The ability to communicate, in writing and verbally, highly complex technical concepts and information risk to technical and non-technical business audiences, to help them make informed risk decisions.
Understanding of practices that balance the need for strong security with business requirements.
Experience developing or supporting enterprise-wide compliance or security risk programs.
Comfort working in a global, matrixed, and fast-moving organization.
Who You'll Work With
A global team of information security professionals and business leaders, engaging daily with professionals across IT, compliance, legal, and business operations who collaborate to create strategic advantage for the most important global companies. You will work in a fast-paced, intellectually intense, service-oriented environment, interpreting rules and guidelines flexibly to enhance the business, in keeping with BCG's values and culture.
Additional info
Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.
The base salary range for this role is $176,000.00 - $212,000.00
This is an estimated range; specific base salaries within it depend on factors such as experience and skill set. It is not common for new BCG employees to be hired at the high end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.
In addition to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.
All of our plans provide best in class coverage:
Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
Dental coverage, including up to $5,000 in orthodontia benefits
Vision insurance with coverage for both glasses and contact lenses annually
Reimbursement for gym memberships and other fitness activities
Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Year's, and 15 vacation days per year (earned at 1.25 days per month)
Paid sick time on an as needed basis
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E-Verify Employer.