Global Director, Cyber Audit & Assurance

Boston Consulting Group

Atlanta, GA, USA

USD 176k-214,700 / year + Equity

Posted on Jun 16, 2026

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation: inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.



What You'll Do

The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security Risk Management, this individual is responsible for leading BCG's global cybersecurity audit, certification, and compliance programs.
The role owns the strategy, governance, and execution of the firm's security certification portfolio, including HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and other regional, industry-specific, and regulatory requirements. Working across Information Security, Technology, Legal, Privacy, Risk Management, and business stakeholders, the Director ensures that security controls remain effective, certifications are maintained, and the organization is prepared to meet evolving regulatory, client, and market requirements.
Given the firm's significant U.S. regulatory, healthcare, and client-driven certification obligations, this role requires deep expertise in U.S. cybersecurity compliance frameworks and regular engagement with U.S.-based auditors, legal stakeholders, and business leaders.
This leader provides oversight of external audits, certification activities, and regulatory assessments while driving continuous improvement across BCG's cybersecurity control environment.

Key Responsibilities

  • Own and lead BCG's global cyber audit, certification, and compliance portfolio.
  • Serve as executive owner for HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials Basic & Plus, TISAX, ENS, and other regional, industry-specific, and regulatory certification programs.
  • Define and execute the firm's multi-year cyber audit and certification strategy.
  • Lead certification audits, surveillance reviews, recertification activities, and external assessments globally.
  • Establish sustainable evidence management, control governance, audit readiness, and continuous compliance processes.
  • Manage relationships with external auditors, certification bodies, assessors, regulators, and client audit teams.
  • Drive remediation planning and closure of audit findings across global stakeholders.
  • Advise business leaders on certification and regulatory requirements supporting market expansion and client commitments.
  • Lead or support activities related to emerging U.S. regulatory, government, and industry certification requirements.
  • Monitor emerging regulatory, assurance, and AI governance requirements and assess impacts to the firm.
  • Lead local and regional certification initiatives required by clients, regulators, and market-specific obligations.
  • Develop executive reporting, KPIs, and governance materials for senior leadership and risk committees.
  • Present certification, compliance, and regulatory risk matters to executive leadership and governance forums.
  • Build, mentor, and lead a high-performing cyber audit and assurance team.


What You'll Bring

  • Bachelor's degree in Information Security, Cybersecurity, Information Systems, Risk Management, Business, or related field.
  • 12+ years of experience in cybersecurity, information security, audit, risk management, compliance, or assurance functions.
  • 5+ years of leadership experience managing enterprise-scale assurance, audit, or compliance programs.
  • Demonstrated ownership of complex global certification and assurance programs.
  • Deep expertise with HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and related frameworks.
  • Deep expertise in HIPAA, HITRUST, U.S. healthcare security requirements, and U.S. regulatory compliance frameworks.
  • Strong working knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53, and NIST 800-171.
  • Experience supporting U.S. government, defense, healthcare, or other highly regulated industry compliance programs.
  • Experience leading external audits, certification programs, and regulatory examinations.
  • Experience presenting certification, compliance, and regulatory risk matters to executive leadership and governance committees.
  • Proven ability to influence senior executives and drive outcomes across a highly matrixed global organization.

Preferred Qualifications

  • Experience within consulting, professional services, healthcare technology, SaaS, cloud, or other highly regulated industries.
  • Familiarity with U.S. government and regulated-industry certification programs, such as CMMC, FedRAMP, StateRAMP, or equivalent assurance requirements.
  • Familiarity with AI governance, AI assurance, and emerging regulatory frameworks.
  • Professional certifications such as CISSP, CISA, CISM, CRISC, HITRUST CCSFP, ISO 27001 Lead Auditor, or equivalent.

The successful candidate is a strategic, business-oriented cybersecurity leader who combines deep audit, certification, and compliance expertise with strong executive presence. They are capable of translating complex regulatory and certification requirements into practical business outcomes, influencing stakeholders at all levels, and leading global programs that directly support client trust and business growth.
This role requires exceptional communication, collaboration, and leadership skills, as well as the ability to operate effectively in a fast-paced, global, and highly matrixed environment.



Additional info

*** For US locations only ***

In the US, we have a compensation transparency approach.

Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.

  • The base salary range for this role in Atlanta is $176,000.00 - $214,700.00.

This is an estimated range, however, specific base salaries within the range depend on various factors such as experience and skill set. It is not common for new BCG employees to be hired at the high-end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.

In addition to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.

All of our plans provide best-in-class coverage:

  • Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children

  • Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs

  • Dental coverage, including up to $5,000 in orthodontia benefits

  • Vision insurance with coverage for both glasses and contact lenses annually

  • Reimbursement for gym memberships and other fitness activities

  • Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan

  • Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement

  • Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Year's, and 15 vacation days per year (earned at 1.25 days per month)

  • Paid sick time on an as-needed basis



Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E-Verify Employer.