Global Director, Cyber Audit & Assurance
Job in Atlanta, Fulton County, Georgia, 30301, USA
Listed on 2026-06-19
Listing for: The Boston Consulting Group
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security, Data Security, IT Project Manager
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation: inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures, and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security Risk Management, this individual is responsible for leading BCG's global cybersecurity audit, certification, and compliance programs.
The role owns the strategy, governance, and execution of the firm's security certification portfolio, including HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and other regional, industry-specific, and regulatory requirements. Working across Information Security, Technology, Legal, Privacy, Risk Management, and business stakeholders, the Director ensures that security controls remain effective, certifications are maintained, and the organization is prepared to meet evolving regulatory, client, and market requirements.
Given the firm's significant U.S. regulatory, healthcare, and client-driven certification obligations, this role requires deep expertise in U.S. cybersecurity compliance frameworks and regular engagement with U.S.-based auditors, legal stakeholders, and business leaders.
This leader provides oversight of external audits, certification activities, and regulatory assessments while driving continuous improvement across BCG's cybersecurity control environment.
Key Responsibilities
* Own and lead BCG's global cyber audit, certification, and compliance portfolio.
* Serve as executive owner for HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials Basic & Plus, TISAX, ENS, and other regional, industry-specific, and regulatory certification programs.
* Define and execute the firm's multi-year cyber audit and certification strategy.
* Lead certification audits, surveillance reviews, recertification activities, and external assessments globally.
* Establish sustainable evidence management, control governance, audit readiness, and continuous compliance processes.
* Manage relationships with external auditors, certification bodies, assessors, regulators, and client audit teams.
* Drive remediation planning and closure of audit findings across global stakeholders.
* Advise business leaders on certification and regulatory requirements supporting market expansion and client commitments.
* Lead or support activities related to emerging U.S. regulatory, government, and industry certification requirements.
* Monitor emerging regulatory, assurance, and AI governance requirements and assess impacts to the firm.
* Lead local and regional certification initiatives required by clients, regulators, and market-specific obligations.
* Develop executive reporting, KPIs, and governance materials for senior leadership and risk committees.
* Present certification, compliance, and regulatory risk matters to executive leadership and governance forums.
* Build, mentor, and lead a high-performing cyber audit and assurance team.
What You'll Bring
* Bachelor's degree in Information Security, Cybersecurity, Information Systems, Risk Management, Business, or related field.
* 12+ years of experience in cybersecurity, information security, audit, risk management, compliance, or assurance functions.
* 5+ years of leadership experience managing enterprise-scale assurance, audit,…