Analyst, Information Security, Risk and Compliance

Employment type

Permanent Full-Time

Location(s)

New Delhi

Description & Requirements

Company Overview:

Bain & Company is a global consultancy that helps the world’s most ambitious change-makers define the future. Across 65 cities in 40 countries, we work alongside our clients as one team with a shared ambition to achieve extraordinary results, outperform the competition, and redefine industries. We complement our tailored, integrated expertise with a vibrant ecosystem of digital innovators to deliver better, faster, and more enduring outcomes. Our 10-year commitment to invest more than $1 billion in pro bono services brings our talent, expertise, and insight to organizations tackling today’s urgent challenges in education, racial equity, social justice, economic development, and the environment. Since our founding in 1973, we have measured our success by the success of our clients, and we proudly maintain the highest level of client advocacy in the industry.

Position Summary:

The Analyst is a position within Bain's Cyber Security Department, whose mission is to safeguard the digital assets and integrity of the organization. In this role, the Analyst understands how security measures align with the overall organizational strategy and will contribute to the development and implementation of security controls that adhere to regulatory requirements and best practices. The Analyst will participate in cybersecurity projects, risk assessments, and other broader initiatives, driving a secure and compliant digital environment. 

Essential Functions:

Security Analysis and Risk Management (50%)

  • Coordinate with various departments to understand business needs and functional and non-functional security requirements
  • Conduct or participate in risk assessments, vulnerability assessments, and security audits
  • Help implement security controls and measures in line with regulatory requirements and best practices
  • Contribute to time and cost estimates for implementing security measures, advising on trade-offs and priorities
  • Work as a member of a cross-functional team focused on cybersecurity

Policy, Procedure, and Compliance (40%)

  • Support the development, deployment, and maintenance of cybersecurity policies, procedures, and guidelines
  • Help with the configuration and management of security tools and platforms
  • Handle existing setups, user management, access rights, and any escalations from 1st-level support
  • Ensure compliance with internal policies and external regulations

Professional Development and Innovation (10%)

  • Stay up-to-date on emerging trends and technologies in cybersecurity
  • Participate in technical discovery, proof-of-concepts (POCs), and innovation work streams
  • Support efforts to drive innovation and creative problem-solving to meet critical business challenges and demands


Qualifications:

Education and Work Experience:

  • 2-4+ years of relevant experience
  • Associate's/Bachelor’s degree or an equivalent combination of education, training and experience
  • Fundamental Security/IT Concepts: Understanding of basics like data retention, data classification, access control, and third-party risk
  • Common Security Frameworks: Familiarity with ISO, NIST, SOC 2, and GDPR guidelines and standards

Knowledge, Skills, and Abilities:

Security Analysis and Risk Management:

  • Understanding of risk assessments, vulnerability assessments, and security audits
  • Familiarity with common security tools and platforms for monitoring and detection
  • Knowledge of cybersecurity frameworks and regulations (e.g., NIST, ISO 27001, GDPR)

Policy and Compliance:

  • Understanding of the importance of security policies, procedures, and guidelines
  • Awareness of compliance requirements and the role they play in an organization

General Skills:

  • Good communication skills, with the ability to document and explain technical information clearly
  • Analytical mindset, with a focus on learning and problem-solving
  • Ability to work well in a team, showing strong interpersonal skills
  • Eagerness to learn and adapt to new challenges in cybersecurity
  • Entrepreneurial spirit, open to trying new approaches and learning from them