Global Cybersecurity Senior Manager

Boston Consulting Group
Boston Consulting Group

Gurugram, Haryana, India

Posted on Jul 7, 2026

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.



What You'll Do

1. Lead ISPM Findings Triage (Heart of the Role)

  • Independently own and drive the triage of identity and entitlement data surfaced by BCG's ISPM system covering:
    • Human identities
    • Non-human identities (service accounts, workloads, bots)
    • Privileged and highly sensitive access
  • Apply senior-level judgement to classify findings by:
    • Criticality per BCG risk index
    • Acceptable vs. contextual risk vs. noise
    • Elimination of false positives using business context and identity risk scoring
  • Own prioritisation decisions based on risk impact, blast radius, and business alignment with full autonomy

2. Lead Identity Risk Interpretation & Contextualisation

  • Independently assess and determine justification for access including:
    • Excessive privilege
    • Dormant but dangerous accounts
    • Toxic combinations
    • Lateral movement risk
  • Map findings to real attack paths, emerging threat patterns, and regulatory requirements
  • Translate graph-based insights into authoritative risk narratives for technical teams and executive stakeholders including CISO, CIO, CTO, and CRO
  • Shape BCG's identity risk strategy through programme-level recommendations with direct senior leadership visibility

3. Own Remediation Outcomes

  • Define and drive specific remediation actions including:
    • Entitlement right-sizing
    • Privilege removal or restriction
    • Ownership reassignment
    • Policy or process refinement
  • Serve as the senior point of accountability for remediation progress across IAM, Cloud Security, Application Owners, and GRC
  • Influence IGA development roadmap based on findings and remediation patterns
  • Track items through closure and validate measurable, reportable risk reduction at enterprise scale

4. Own and Mature the Playbook Framework

  • Design, own, and continuously improve playbooks for:
    • Privileged access risk
    • Non-human identity governance
    • Cloud-to-data access risks
    • Orphaned or over-permissioned identities
  • Set and own enterprise programme standards including:
    • Severity thresholds and risk scoring methodology
    • Escalation criteria and cross-team engagement models
    • SLA expectations for remediation by risk tier
  • Lead ISPM policy tuning to continuously improve signal quality and reduce noise at enterprise scale

5. Serve as BCG's Senior Identity Security Subject Matter Expert

  • Act as the definitive internal authority on ISPM for the Cybersecurity function

  • Drive understanding of dashboards, risk trends, and identity exposure patterns across senior stakeholder teams

  • Lead audit and compliance responses with evidence-based, defensible explanations

  • Independently produce and own executive-ready reporting articulating:
    • "What changed"

    • "Why it matters"

    • "What we are doing about it"

  • Proactively shape identity risk strategy by identifying programme gaps and driving improvements at senior leadership level


What You'll Bring

Must-Have

  • 8+ years of experience in IAM, cloud security, identity governance, or related security analytics
  • Deep expertise in:
    • Privileged access models and enterprise governance frameworks
    • Human vs. non-human identity risk scenarios
    • Entitlement and role-based risk analysis at enterprise scale
  • Demonstrated ability to independently own complex risk decisions and drive enterprise remediation programmes across multiple senior stakeholder teams
  • Strong executive communication skills — able to translate highly technical identity risk into board-level narratives without supervision
  • Proven track record of building, owning, and maturing enterprise-scale security programmes and playbooks

Nice-to-Have

  • Hands-on experience with identity platforms such as Okta, Active Directory, and Entra ID
  • Exposure to cloud IAM across AWS, Azure, and GCP
  • Familiarity with IGA platforms and access review processes
  • Experience with ServiceNow or Jira for vulnerability and remediation tracking
  • Exposure to Zero Trust frameworks and identity-centric security architecture
  • Experience supporting identity-related audits or regulatory compliance initiatives

Success Metrics

  • Consistent reduction in unjustified privileged access across the enterprise
  • Time-to-triage for ISPM findings at programme scale
  • Percentage of findings with clear business justification or active remediation plan
  • Demonstrable and reportable reduction in overall identity risk posture
  • Increased executive confidence in identity risk reporting and programme maturity
  • Quality and adoption of playbooks across IAM and Cloud Security teams



Additional info

BCG's ISPM provides unparalleled visibility into identities, entitlements, and risk — but visibility alone is not risk reduction. This Senior Manager is the senior individual driving the essential link between identity discovery and measurable risk reduction. With deep expertise and enterprise-level programme influence, this role moves BCG from "we have visibility" to "we have a mature, outcomes-driven identity risk programme."



Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.