Global Risk Security Architect Expert Director

Job Description

Who We Are

Boston Consulting Group (BCG) partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. Founded in 1963, BCG pioneered business strategy and now helps clients with total transformation—driving complex change, enabling growth, building competitive advantage, and delivering bottom-line impact. To succeed, organizations must blend digital and human capabilities.

Our diverse, global teams bring deep industry and functional expertise, along with a range of perspectives to spark change. BCG delivers solutions through management consulting, technology and design, corporate and digital ventures, and business purpose. We work collaboratively across the firm and with all levels of client organizations to generate results that enable our clients to thrive.

What You'll Do

The Global Risk Security Architect Expert Director is a strategic leader responsible for defining and implementing BCG’s enterprise security architecture. This role ensures the protection of data, intellectual property, and client assets by designing secure, scalable, and resilient systems aligned with the firm's business goals and security standards. The architect leads efforts to embed security into every stage of IT systems development, ensuring alignment with agile practices, emerging technologies, and zero-trust principles. Through governance and cross-functional collaboration, the architect ensures secure innovation, operational resilience, and effective risk management.

Key responsibilities include:

1. Security Architecture Leadership: Define and enforce secure engineering practices and frameworks, develop and maintain security blueprints aligned with Agile/DevSecOps methodologies, and ensure security is embedded in all IT projects through secure code reviews, vulnerability testing, and automated CI/CD pipeline integration.
2. Emerging Technology Integration: Drive adoption of advanced technologies such as zero-trust architectures, secure APIs, cryptographic solutions, AI/ML, containerization, and cloud security practices to enhance enterprise defenses.
3. Continuous Improvement: Use insights from incident analysis, threat intelligence, and testing outcomes to refine security architectures. Collaborate with operational teams to incorporate feedback and adapt to evolving threats.
4. Governance and Collaboration: Partner with Security Operations, Incident Response, and Risk Management teams to ensure comprehensive security integration. Facilitate adherence to standards like ISO 27001 and NIST across the enterprise.

You're Good At

• Strategic Vision: Translating complex business strategies into secure, scalable architectures.
• Technical Expertise: Leveraging frameworks and technologies such as zero-trust, DevSecOps, and cryptography.
• Collaboration: Partnering effectively across geographies and functions.
• Problem Solving: Developing innovative solutions for emerging threats.
• Mentorship: Leading teams and fostering a culture of architectural excellence.

What You'll Bring

• Education: Bachelor’s degree or equivalent.
• Experience: At least 10 years in information security, with expertise in enterprise security architecture, cloud security, zero-trust, API security, and DevSecOps pipelines. Proven experience in creating reusable security architectures and integrating security into Agile/DevSecOps practices.
• Technical Skills: Hands-on experience designing secure architectures for hybrid cloud environments; deep understanding of zero-trust frameworks, secure-by-design standards, and agile methodologies; familiarity with automation tools and secure SDLC practices.

Who You'll Work With

You will work within a fast-paced, intellectually challenging environment alongside internal IT, business leaders, and consultants. As part of BCG’s Information Security Risk Management team, you will drive the firm’s security strategies, enabling secure innovation and digital transformation. Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to gender, protected veteran status, or any other characteristic protected under applicable laws. BCG is an E-Verify Employer.

For more information on E-Verify, click here.