  • Bachelor’s degree in technology or equivalent experience and/or military experience
  • 7-10 years in governance, risk and compliance (GRC) roles
  • Familiarity with common cybersecurity controls frameworks (NIST, ISO)
  • Strong background with advising contracts, legal, compliance and facility security teams from a cybersecurity perspective
  • CISSP, CISM, CISA or similar cyber management certification is a plus; CIPP or similar privacy certification is a plus
  • Experience managing the information security program for the restricted cloud environment
  • Experience with leading strategy for compliance with current and forthcoming security control frameworks and revisions
  • Demonstrated ability to refine and manage an overall cybersecurity program
  • Excellent written and verbal communication skills
  • US citizenship


You will be based in our Waltham or Washington, DC office as part of our IT team in our Technology & Digital function. This team manages and supports a cloud environment for certain high-risk data and client engagements. You will work closely with various teams across Technology & Digital, as well as non-tech teams and third-party IT vendors.
At McKinsey, we are constantly evolving with the rapid pace of technology and helping our clients win with game-changing strategies, solutions and products. Data, analytics and insights are core to our differentiated value proposition, and we are taking a cloud-first approach to transform our data platforms and analytical applications across the firm.


You will be a key member of the team responsible for ongoing design, support and information security of this cloud environment.
In this role, you will be responsible for managing this cloud environment’s cybersecurity program. You will develop an in-depth understanding of business contexts in order to influence IT/security operations via a balanced and empathetic understanding of user and client needs. You will write, refresh, and integrate policies and procedures, including monthly audit-ready continuous monitoring reports. You will also design and run cross-team tabletop incident response exercises and advise the SOC as part of incident response.
The role requires the ability to obtain a certain level of security clearance mandated by the relevant U.S. government branch or agency.