
Supplier Cyber Risk Manager

McKinsey & Company
parental leave, paid time off
United States, D.C., Washington
Dec 18, 2024
The McKinsey recruiting team will be celebrating the holidays, and there will be no online application support available starting December 24th; regular support will resume by January 6th. Please refer to our site https://www.mckinsey.com/careers/application-faq for frequently asked questions. Thank you and wishing you happy holidays!


Procurement
Supplier Cyber Risk Manager
Job ID: 94044

Are you driven by the opportunity to tackle complex challenges and work alongside top leaders? Do you want to be part of a team that delivers outcomes that others simply can't? If so, you've come to the right place.
Who You'll Work With
You will be part of Optimize, McKinsey's global procurement capability, enhancing and protecting the firm's resources and reputation by making responsible buying easy and creating leading solutions and experiences across our supplier ecosystem.
We are hiring for a Manager within the Cyber & Data Risk pillar of Optimize's Supplier Risk & Social Responsibility team. This team leads and oversees the firm's global supplier risk management program across risk domains. You will report to the Director of Supplier Risk Strategy and work cross-functionally with key stakeholders including Cybersecurity, Cyber Legal and Compliance as you support, shape and deliver on the firm's supplier cybersecurity risk initiatives and strategies. You will be based out of the Philadelphia, Washington DC, Atlanta, Denver, Miramar, or Tampa offices.
Your impact within our firm
In this role, you will be responsible for mitigating supplier cybersecurity risks in the firm's supplier onboarding process and across its supply base.
You will lead strategy development and program execution for the next generation of the firm's cyber supplier risk management program. This will include designing a risk-based cyber diligence methodology, evaluation framework, ongoing monitoring, issue management and related risk artifacts. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle while balancing cybersecurity requirements with supplier risk and business objectives. You will deliver on and represent Optimize supplier cybersecurity priorities across the firm.
You will assess and analyze supplier data and cybersecurity risks across our procurement processes. You will report on clear program metrics including security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will proactively identify risk areas and opportunities and collaborate with cross-functional teams to work out viable solutions. You will gain alignment and lead or support the implementation of agreed recommendations on behalf of the procurement team.
You will foster and champion a "risk first" culture and create awareness across the firm on supplier cybersecurity risk topics. You will build rapport and develop trust-based relationships with key stakeholders and other risk teams that work on supplier and cybersecurity issues. You will be a subject matter expert and advise colleagues on cyber risk topics as they relate to supplier and procurement processes.
Your qualifications and skills
  • Bachelor's/university degree required
  • 7+ years of relevant experience in cybersecurity
  • Deep knowledge of cybersecurity policies, standards and best practices
  • Experience in third-party risk from both a strategic and operational perspective
  • Understanding of cybersecurity diligence methods, including vulnerability assessments and penetration testing
  • Technical understanding of the cybersecurity landscape and working knowledge of common information security controls, guidelines and standards (e.g., ISO27001, OWASP, SOC 2, NIST)
  • Must be comfortable with ambiguity; demonstrate strong problem solving and creative thinking skills; must be able to work under pressure and tight deadlines
  • Ability to interact and influence at all levels of management across functions
  • Project and process management skills, with expertise prioritizing and managing multiple projects/tasks simultaneously
  • Demonstrated experience in developing documents and presenting complex information to colleagues at all levels
  • Global experience in a professional services or consulting environment a plus
Please review the additional requirements regarding essential job functions of McKinsey colleagues.



FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.

Certain US jurisdictions require McKinsey & Company to include a reasonable estimate of the salary for this role. For new joiners for this role in the United States, including all office locations where the job may be performed, a reasonable estimated range is $152,300 - $203,000 USD to help you understand what you can expect. This reflects our best estimate of the lowest to highest [salary/hourly wages] for this role at the time of this posting, ensuring you have a clear picture right from the start, though it's important to remember that actual salaries may vary. Factors like your office location, your unique blend of experience and skills, start date and our current organizational needs all play a part in determining the final figure. Certain roles are also eligible for bonuses, subject to McKinsey's discretion and based on factors such as individual and/or organizational performance.

Additionally, we provide a comprehensive benefits package that reflects our commitment to the wellness of our colleagues and their families. This includes medical, mental health, dental and vision coverage, telemedicine services, life, accident and disability insurance, parental leave and family planning benefits, caregiving resources, a generous retirement contributions program, financial guidance, and paid time off.

FOR NON-U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer. For additional details regarding our global EEO policy and diversity initiatives, please visit our McKinsey Careers and Diversity & Inclusion sites.
