Global Cybersecurity Director – Architecture BCG Federal

Job Description

Company: Boston Consulting Group

Location: Washington, US

Cybersecurity Architecture & Governance Director

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities.
BCG was the pioneer in business strategy when it was founded in 1963.
Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities.
Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change.
BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures-and business purpose.
We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

BCG Federal is a US federally compliant operating environment at BCG.
The Cybersecurity Architecture & Governance Director will lead the technical core of the cybersecurity program, integrating advanced cybersecurity architecture, technical risk management and regulatory compliance execution.

In this role, you will be the lead technical authority on designing and validating technical security systems to protect company assets in strict compliance with US Government security requirements (including NIST SP 800-171, NIST SP 800-53, FedRAMP, and CMMC).
You will lead a team of high-performing engineering and technical GRC professionals, managing technical risk profiles, setting cloud hardening standards, and establishing security guardrails for emerging AI capabilities.

Locations:
Boston | Atlanta | Washington

The Cybersecurity Architecture & Governance Director is good at:
• Interacting with stakeholders and possessing the ability to influence direction, articulate risks and sell secure solutions/roadmaps
• Pillar Leadership & Strategy:
Lead the GRC and technical architecture perspective of the BCG Federal Cybersecurity program, driving strategic alignment between business goals and deep technical security controls
• Technical Framework Interpretation:
Interpret complex regulatory, federal, and contractual compliance mandates into precise, actionable technical architectures and engineering designs for application, network, and cloud environments
• Enterprise Risk Management:
Manage the enterprise security risk register for technical risks.
Review, approve, and document sophisticated technical security exceptions and alternative compensating controls to enable business continuity while protecting BCG Federal assets.
• Cloud & Platform Hardening:
Oversee and approve the design, implementation, and security configuration of Azure Government Community Cloud (GCC) High and AWS Gov environments
• AI & Emerging Tech Security:
Lead the technical security assessment, architectural standards, and threat modeling of Artificial Intelligence (AI) and Generative AI (GenAI) capabilities, developing robust mitigation strategies to safeguard federal and corporate data across compliant cloud and enterprise environments
• Secure DevSecOps & SDLC:
Direct the integration of automated security testing, software configuration monitoring, and Infrastructure-as-Code (IaC) security practices throughout software and model development lifecycles
• Cross-Functional Advisory:
Provide expert technical security advisory and guidance to product developers, cloud infrastructure engineers, and senior business executives across BCG Federal

You’re good at:
• Translating business strategies and complex regulatory rules into secure, scalable enterprise security solutions
• Communicating and articulating sophisticated technical risks to executive and non-technical stakeholders, while influencing cross-functional teams to adopt secure architectural roadmaps
• Leading the development of innovative, risk-based engineering mitigations to allow business operations to continue safely during active remediation cycles
• Conducting systemic enterprise technical risk reviews on vendor software, cloud platforms, and third-party tools to ensure compliance with federal security and data protection requirements
• Building and fostering a controls-focused security culture through strong technical leadership, mentorship, and managing a technical team to deliver complex architecture Initiatives
• Building strong cross-functional partnerships across Federal IT, BCG cloud engineering, enterprise security, legal/compliance, and client delivery teams to drive aligned, secure and compliant technology solutions.

What You’ll Bring:
• Experience:
Minimum of 8-10+ years of information security experience, with a proven track record of leading technical architecture, cloud native security engineering, and technical GRC initiatives
• Framework Mastery:
Subject matter expertise in federal security compliance frameworks, specifically NIST SP 800-171, NIST SP 800-53, CMMC, and DFARS 7012
• Technical Acumen:
In-depth engineering familiarity with secure CI/CD pipelines, automated scanning configurations (SAST/DAST), threat modeling, and Azure/AWS cloud infrastructures
• Preferred Certifications:
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent industry credentials
• Clearance:
Ability to obtain and maintain a US Government Secret Clearance

You will operate in a fast-paced, intellectually intense, service-oriented environment, interpreting complex regulatory and security requirements in keeping with BCG’s values and business needs.
You will collaborate closely with internal IT, security and business teams, as well as consultants deliverin.

Source: Jobilize