Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Global Information and AI Security Senior Manager provides internal BCG technical consulting around information security architecture and security design measures for new projects, ventures and systems. The architect defines the desired end state to meet solution Security Goals and overall business goals. The Security Architect ensures the digital applications, tools, and services protect our data, our clients’ data, and our intellectual property; are resilient to cyber-attack; meet BCG policy and standards, regulatory requirements, and industry best practices; while using a risk-based approach to meeting BCG business needs and objectives.

 

The Global Information and AI Security Senior Manager works with teams inside BCG to secure the building and maintenance of complex computing environments to train, deploy, and operate Artificial Intelligence/ML systems by determining security requirements; planning, implementing and testing security systems; participate in AI/ML/LLM projects as the Security Subject Matter Expert; preparing security standards, policies and procedures; and mentoring team members.

What You'll Bring

Bachelor's degree (or equivalent experience) required.CSSLP certification required; additional certifications such as CISSP, CCSP, or CCSK strongly preferred.7+ years of progressive experience in information security, specifically focused on secure architecture, secure development practices, and cloud-native security.Proven expertise supporting software engineering, data science, and AI/ML development teams, specifically with secure model lifecycle management, secure deployment practices, and secure data engineering.Expert understanding of the Secure Software Development Lifecycle (SSDLC), including secure architecture, threat modeling frameworks (e.g., MAESTRO, PASTA, STRIDE), penetration testing, secure coding practices, vulnerability management, and incident response.Demonstrated technical proficiency across multiple security technologies, platforms, and frameworks, with strong hands-on experience implementing secure cloud-native infrastructures (AWS, Azure, GCP).Familiarity with data warehouse and data lake environments such as Databricks, Azure Fabric, or Snowflake, including security best practices in managing and securing large-scale data ecosystems.In-depth knowledge and practical experience with AI and machine learning model security, ethical AI frameworks, secure handling of data, and comprehensive understanding of CI/CD pipelines specifically tailored for data science workloads.Extensive experience conducting security assessments, vulnerability triage, intrusion detection and prevention, firewall management, network vulnerability analysis, cryptographic implementations, and incident response analysis.Exceptional communication skills (written and oral), influencing capabilities, and ability to clearly articulate complex security concepts to stakeholders across various levels of the organization.Proactive professional development, continuous learning, active participation in industry forums, professional networks, and familiarity with current and emerging security trends and standards.

Additional info

YOU'RE GOOD AT
The Senior Manager, Security and AI Architect excels at:

Collaborating closely with software engineering, data science, data engineering, and cybersecurity teams to design, implement, and maintain secure solutions in agile environments leveraging cloud-native technologies and infrastructure.Defining security requirements by deeply understanding business objectives, evaluating strategies, and implementing robust security standards throughout the full Software Development Life Cycle (SDLC).Leading security risk assessments, threat modeling (utilizing frameworks such as MAESTRO, PASTA, STRIDE, etc.), security architecture reviews, and vulnerability analyses for client-facing digital products, particularly involving complex AI/ML-driven solutions.Advising development teams, including AI engineers and data scientists, on secure coding practices, secure data handling, secure AI/ML model deployment, and related infrastructure security considerations.Providing specialized guidance on secure AI model development lifecycle, including secure data usage, ethical AI practices, and robust security controls in Generative AI and large language model deployments.Actively participating in the APAC Dex process for managing digital builds, ensuring alignment with regional requirements, standards, and best practices.Staying ahead of emerging security trends and technologies, conducting continuous research, evaluation, and advocacy of new security tools, frameworks, and architectures relevant to digital solutions.Ensuring robust compliance with regulatory frameworks and industry standards, including ISO 27001, SOC2, NIST, and GDPR, particularly as they pertain to data privacy and AI-driven product development.Developing and delivering training programs on secure development, AI security considerations, and incident response practices.Partnering with internal stakeholders, articulating security risks clearly, influencing technical directions, and promoting comprehensive secure architecture roadmaps.Conducting vendor and market assessments, guiding tests, evaluations, and implementation of security products that address enterprise and client-specific information security requirements.Advising teams on compensating controls and alternative security measures to facilitate business agility without compromising security posture.Leading the implementation and continuous improvement of security tooling and practices within CI/CD pipelines, infrastructure-as-code (IaC), and model deployment automation.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.