Senior Cyber Incident Manager

Boston Consulting Group
Boston Consulting Group

Lisbon, Portugal

Posted on Jul 12, 2026

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.



What You'll Do

As a Cyber Incident Manager in BCG’s Enterprise Cyber Incident Management (ECIM) team, you will lead and continuously strengthen how BCG manages cyber incidents across its global enterprise environment. You will bring structure, discipline, and clear communication to incident response activity, ensuring incidents are managed consistently from triage through closure and post-incident follow-through.

You will support broader Cyber Incident Management responsibilities, including incident coordination, the ongoing development and improvement of incident management and cyber crisis management processes, governance activities, incident reporting, tabletop exercise planning, operational testing, and post-incident action tracking. During critical and high severity incidents, you may also serve as the incident scribe, ensuring timelines, decisions, actions, owners, and communications are captured accurately in real time.

  • Coordinate end-to-end cyber incident management activities, including intake, triage, escalation, containment, closure, and post-incident action tracking.
  • Serve as incident scribe during critical and high severity incidents, maintaining accurate timelines, decision logs, action trackers, owners, deadlines, and communication records.

  • Lead and coordinate incident management for medium and high-severity cyber incidents, establishing the operating rhythm for bridges, executive updates, regional handoffs, and stakeholder decision-making.

  • Support the maintenance and continuous improvement of cyber incident response plans, including updates to playbooks, SOPs, templates, RACI artifacts, escalation models, evidence standards, and post-incident review materials.

  • Prepare regular executive updates that translate investigation progress into business impact, risk exposure, key decisions, open actions, and leadership oversight needs

  • Provide project management oversight for ECIM programs, maintaining visibility across priorities, milestones, dependencies, risks, actions, and stakeholder updates.

  • Lead Cyber Incident Management governance activities, including policy and process adherence, audit support, control evidence management, and continuous improvement initiatives.

  • Develop and deliver management insights through trend analysis, executive reporting, post-incident action tracking, and follow-through on response actions.

  • Plan and lead operational readiness activities, including tabletop exercises, quarterly notification testing, operational walkthroughs, crisis simulations, and post-incident action tracking.

  • Draft clear, timely incident communications for Information Security leadership, IT, Legal, Risk, Data Privacy, regional leadership, senior management, and other impacted teams.

  • Track post-incident and risk-reduction actions to closure, escalating aged, blocked, or high-risk items through the appropriate management channels.

  • Build trusted working relationships across global, regional, and functional teams, and mentor analysts, coordinators, and partner teams on documentation, action tracking, communications, and post-incident activities.

  • Influence teams without direct authority, helping align diverse stakeholders around incident priorities, response decisions, post-incident commitments, and risk-reduction outcomes.

  • Drive cross-functional accountability during and after incidents by ensuring actions are clearly owned, deadlines are understood, blockers are escalated, and progress is regularly communicated to relevant stakeholders.

  • Foster a strong local community across Information Security, IT, and Risk teams by planning and leading initiatives that encourage collaboration, knowledge sharing, networking, and team engagement.


What You'll Bring

  • Experience working in a cyber security team, preferably with an incident response background.
  • 6–10 years of cyber security, incident response, security operations, technology risk, or enterprise incident management experience.
  • Demonstrated project and program management experience, including stakeholder management, planning, governance, reporting, and risk management.
  • Experience coordinating cyber incidents in large, complex, multinational environments.
  • Strong understanding of common incident types, including phishing, malware, ransomware, unauthorized access, data exposure, cloud or SaaS compromise, and insider risk.
  • Ability to translate technical findings into clear business impact, risks, decisions, actions, and next steps.
  • Strong written and verbal English communication skills, with the ability to work flexibly across time zones.

Preferred Experience

  • Experience working in crisis management, cyber crisis response, or enterprise resilience.
  • Hands-on technical security experience in SOC, threat analysis, DFIR, threat intelligence, or related areas.
  • Familiarity with incident response frameworks such as NIST, MITRE ATT&CK, ISO 27035, ISO 27001, ITIL, and GDPR considerations.
  • Exposure to project management frameworks or certifications such as PMP, ITIL, PRINCE2, or equivalent approaches.
  • Experience supporting tabletop exercises, crisis simulations, quarterly testing, post-incident reviews, and continuous improvement programs.


Who You'll Work With

You will be part of BCG’s Enterprise Cyber Incident Management team within Global Information Security, working from Lisbon as part of a global operating model. You will collaborate closely with Incident Response, Security Engineering, SOC, SIEM/MSSP, Threat Intelligence, IT, Legal, Risk, Data Privacy, regional leadership, and business teams to coordinate incident response and drive clear follow-through. You will also help enable analysts, coordinators, and partner teams by strengthening documentation, communication, and post-incident improvement activities across the incident lifecycle.



Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.