The primary responsibilities of the Security Architect will be to work as an individual contributor within the Information Security team to ensure that best practices for security engineering and secure technical architectures are in place throughout Bain globally. This role will have responsibility in working directly with other members of the Security team to provide security and best practices expertise, and will work with other technical and non-technical teams to provide expertise in secure design and implementation of new systems and services. The Security Architect will also be called upon to provide security guidance and best practices input to ensure all areas of policy compliance are met.
Successful candidates will have knowledge and experience in the overall field of information security with significant time spent solely in a security function within an organization. CISSP or higher certifications are preferred as well as experience in environments with standards-based security certifications or attestations (ISO, NIST, etc.). The candidate should display complex problem-solving skills and an ability to lead groups of people towards a common direction and engage with others to facilitate resolutions. The ability to drive consensus amongst peers and to generate the insights necessary to facilitate top-down process or technology change will also be important.
Initially, this position will be focused on building new capabilities in Identity Management systems and in Data Protection platforms. Overall, this role will be an important part of driving continuous improvement to Bain & Company’s security posture and capabilities to better protect the integrity of the firm and its clients.
· Draft security procedures and standards to be reviewed and approved by executive management
· Provide oversight and guidance on new capabilities for Information Security standards and best practices in foundational areas, such as Identity Management, Business Continuity or Security Operations
· Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed
· Work to build and enhance existing encryption and data protection standards in conjunction with Bain’s Records Management, Legal, and Risk organizations
· Liaise with technology software development teams to review and validate for secure practices and recommend enhancements as needed
· Act as a bridge between the Policy and Compliance teams and the Security Operations teams to ensure standards are communicated effectively and met across the entire organization
· Be a trusted resource to assist in the Vendor Management process with potential vendors to Bain and provide assessment expertise and guidance as to their ability to house Bain intellectual property (IP)
· Bachelor’s degree with demonstrated interest in technology, technology issues and analysis
· Industry-accepted security certifications (GIAC, CISSP, etc.) preferred
· 5-7 years minimum experience in a primary role as an information security expert
· Understanding of Information Security technologies (Firewall, IPS, IDS, SIEM, etc.)
· Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, PCI-DSS, ITAR, NIST)
· Proven skills in project management and in leading cross-functional efforts
· Ability to work in a fast-paced, dynamic environment
· Attention to detail and priority / time management
· Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills
· High performance and standards as demonstrated by academic or previous job experience