Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Senior Director, Enterprise Cybersecurity Operations is a pivotal strategic leadership role responsible for day-to-day management of BCG’s global cyber enterprise security operations. This individual will manage teams tasked with protecting the confidentiality, integrity, and availability of organizational data and critical IT services, ensuring alignment with business objectives and regulatory standards. The position demands a proactive approach to Cybersecurity, embedding resilience and fostering continuous improvement across operational security functions.

 

This role reports to the Chief Information Security Officer (CISO) to provide guidance, expertise, and influence technical product owners, portfolio leaders, and security engineers. The Senior Director, Enterprise Security Operations plays a key role in shaping the organization's security posture, acting as a trusted advisor to the Chief Information Security Officer, Chief Technology Officer, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer.

 

YOU'RE GOOD AT

 

Strategic Leadership

Creating valuable and impactful security operations recommendations that inform technical decisions while managing change and competing demands.Influencing Executive Directors and Senior Directors and to mature and promote industry-leading security operations across the enterprise technology landscape.Growing, inspiring, and retaining a diverse, high-performing team of security professionals that are forward-looking and adaptive to emerging security technologies and threats.Serve as a key advisor to senior leadership on operational security matters, providing insights on risks, threats, and mitigation strategies.

 

Security Operations Oversight

Manage and oversee the following key functional areas:Attack Surface Management: Continuously analyze emerging threats and maintain an up-to-date threat landscape to prioritize vulnerability mitigation and cyber hygiene enforcement.Offensive Security: Conduct regular security technical assessments, penetration testing, and adversarial simulations.Security Continuous Monitoring: Oversee the management of Security Operations Center (SOC) services across global geographies to ensure real-time monitoring, threat detection, and incident response. Empower crisis communications during major incidents with real-time detection with consistent, transparent, and accurate digital intelligenceSecure Operations Technologies: Oversee the integration of diverse security technologies for resilient protection for multi-cloud, hybrid, and on-premises environments. Ensure interoperability between systems such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), network security, security posture management, and incident response tools. Incorporate SOAR technologies to automate workflows, reduce response times, and improve operational efficiency. Drive integration of threat intelligence platforms, enabling actionable insights for proactive defense.

 

Program and Capability Development

Enhance operational maturity by advancing processes from ad hoc to optimized, leveraging automation and data-driven decision-making.Define key performance indicators (KPIs) and regularly report on the effectiveness of security operations.Develop frameworks and methodologies for continuous improvement in response time, vulnerability management, and incident detection.

What You'll Bring

Bachelor’s degree (or equivalent).Minimum of 15 years in cybersecurity management, with at least 8 years leading global cybersecurity teams across diverse regions.Demonstrated ability to align security strategies with business objectives and deliver measurable results in complex enterprise environments.Deep knowledge of enterprise architecture, secure software development practices, and cloud security platforms such as AWS, Azure, Google Cloud Platform, AI/ML applications, and containerized environments (e.g., Kubernetes, Docker).Hands-on experience with security technologies, including SIEM, SOAR, EDR, vulnerability management platforms, and threat intelligence tools.Familiarity with frameworks like MITRE ATT&CK, NIST CSF, CIS Controls, and ISO 27001, with experience implementing these in enterprise environments.Experience designing and implementing proactive threat hunting and adaptive security measures to address evolving threats.Familiarity with predictive analytics, anomaly detection, and behavioral monitoring to enhance real-time threat detection and response.Expertise in integrating security with Business Continuity and Disaster Recovery (BC/DR) frameworks and incident response teams during crises.Executive presence, ability to influence senior IT and Global Risk leaders.Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and non-technical business audience to aid them in making informed risk decisions.Must have experience managing compliance efforts and experience with business risk management with the ability to communicate the balance between strong security and enabling business.Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands.

Who You'll Work With

A global team of information security professionals and business leaders. Interact daily with the world’s most remarkable entrepreneurs, designers, engineers, architects, product experts and developers collaborating to create strategic advantage for the most important global companies. You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture. You will be an integral part of the BCG Information Security Risk Management and Enterprise Architecture teams in delivering the security program for all of BCG.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.