Bain & Company Inc

Information Security and Compliance Analyst

Information Technology
Regular Full-Time


Position Summary

The primary responsibilities of the Information Security and Compliance Analyst will be to work with the Information Security team, Legal, and business groups across Bain to ensure that our security practices and adequate controls are maintained, adhered to and documented, and to communicate and display these best practices on an ongoing basis. Additional responsibilities will include:


  • Ensuring the security and the compliance of TSG processes and controls.
  • Implementing our Vendor Risk Assessment framework in the review of security capabilities of external vendors.
  • Responding to client or other third-party requests to provide assurances regarding the confidentiality, integrity, and availability of Bain’s processes and systems for handling client data.
  • Working with technology and business leaders to continuously improve and maintain our policies across the organization.

Successful candidates will have knowledge of the overall field of IT systems and information security, and will possess the skills to identify risks in various areas of technical and data security. The position will require a basic understanding of key IT controls, with a preferred emphasis on the ISO 27001/27002 standard or the NIST recommended guidance. The candidate should also possess excellent collaborative and problem-solving skills to allow them to lead multiple groups to build solutions to remediate complex problems or deficiencies as needed. They will have experience and proven ability to provide detail-oriented documentation of the assessment process and effective communications with the key stakeholders.


This role will be responsible for providing greater security and risk awareness through interaction with other departments in implementing high standards of security and functionality throughout the organization.


Responsibilities & Duties

  • Work within TSG and other departments within Bain to ensure secure, consistent delivery of security capabilities.
  • Perform audit work as assigned, leveraging common audit methodologies to evaluate risk, determine control objectives and verify the extent to which control techniques meet objectives.
  • Conduct other systems audits, tracking and remediating of risks discovered through those audit processes.
  • Develop effective and efficient tests of key controls. Execute and document audit tests, and document and communicate analysis of the effectiveness of controls.
  • Work with outside vendors and internal customers to assess and communicate any identified risks and to work with business owners and vendors to adequately secure Bain’s resources.
  • Identify, investigate and develop process improvement solutions for unique and/or complex situations.
  • Be a key facilitator to ensure IT Security policies are maintained and effectively communicated across the organization.
  • Create a climate and convey a sense of urgency to drive security risk remediation with aggressive deadlines. (“Honesty”)
  • Other duties as assigned or as responsibilities dictate.




  • Bachelor’s degree with demonstrated interest in technology, technology issues and analysis.
  • Industry-accepted security certifications (CISA, CISSP, GIAC, CPA, etc.) a plus.

Desired Requirements:

  • 3+ years’ experience in IT infrastructure or security technologies.
  • Understanding of network-based security technologies (Firewall, IPS, IDS, SIEM, and ACL).
  • Knowledge of application security issues and configuration best practices for Windows Operating Systems, Microsoft Server products (Exchange, IIS, Lync, SharePoint) and associated Office products, and mobile devices.
  • Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, COBIT, PCI, NIST, SSAE-16/18 standards).
  • Proven project management skills.
  • Ability to work in a fast-paced, dynamic environment.
  • Attention to detail and priority/time management.
  • Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
  • High performance and standards as demonstrated by academic or previous job experience.


