Bain & Company Inc

  • Security and Compliance Analyst

    Job Location US-MA-Boston
    Information Technology
    Regular Full-Time
  • Overview

    The primary responsibilities of the Information Security and Compliance Analyst will be to work within the Information Security team and with business groups across Bain to facilitate awareness of our Information Security Program and to ensure that adequate controls are maintained, adhered to consistently throughout the company, and well documented. The Analyst will work to communicate and display these best practices on an ongoing basis. Additional and more targeted responsibilities will include:

    • Assessment of the security and the compliance of IT processes and controls.
    • Assist in assessing vendor and 3rd Party risks within our Vendor Risk Assessment framework by reviewing the security capabilities of our external vendors.
    • Working with technology and business leaders to continuously improve and maintain our policies across the organization.
    • Working with other Information Security team members to build and facilitate various training related programs and methods for delivery across Bain.

    Successful candidates will have knowledge of the overall field of IT systems and information security and possess skills to identify risks in various areas of technical and data security. The position will require a basic understanding of key IT security controls, with a preferred emphasis on the ISO 27001/27002 or NIST standard frameworks or similar security standards if possible. The candidate should also possess excellent collaborative and problem-solving skills and an ability to work with groups of individuals across various Bain functions to build solutions to remediate complex problems or deficiencies as needed. The candidate will have experience and proven ability to provide detail-oriented documentation of processes and effective communications with the key stakeholders.


    This role will have an impact in providing greater security and risk awareness through interaction with other departments in implementing high standards of security and functionality throughout the organization.



    • Work within TSG and other departments within Bain to ensure secure, consistent delivery of security capabilities. 
    • Perform assessment work as assigned to evaluate risks, determine control objectives and verify the extent to which control techniques meet objectives.
    • Perform effective and efficient reviews of key controls and communicate analysis of the effectiveness of controls as required.
    • Work with outside vendors and internal customers to assess and communicate any identified risks and to work with business owners and vendors to adequately secure Bain’s resources.
    • Identify, investigate and develop process improvement solutions for unique and/or complex situations.
    • Be a key facilitator to ensure IT Security policies are maintained and effectively communicated across the organization.
    • Work as a key focal point for building content and methods for improving training and overall awareness of security concepts and policies to a broader Bain audience.
    • Create a climate and convey a sense of urgency to drive security risk remediation with aggressive deadlines. (“Honesty”).
    • Other duties as assigned or as responsibilities dictate.



    • Bachelor’s degree with demonstrated interest in technology, technology issues and analysis.
    • Industry-accepted security certifications (CISSP, GIAC, CPA, etc.) a plus.

    Desired Requirements:

    • 1-3 years’ experience in a security role or relatable audit function.
    • Basic understanding of network-based security technologies (Firewall, IPS, IDS, SIEM, and ACL).
    • Proven project management skills.
    • Ability to work in a fast-paced, dynamic environment.
    • Attention to detail and priority/time management.
    • Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
    • High performance and standards as demonstrated by academic or previous job experience.
    • Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, COBIT, PCI, NIST, SSAE-16/18 standards) is a plus.

