Director of Security and IT Compliance

Manhattan Beach
America – Venture Operations
We’re BCG Digital Ventures. Welcome.
We are an ever-growing global team of the world’s most remarkable entrepreneurs, designers, engineers, venture architects, product experts and investors. Our ventures create a strategic advantage for the most important global companies.
This is BCG Digital Ventures. Adventure awaits you…
Introducing our Venture Operations Team
Our Venture Operations Team is how we redefine what's possible. It's where organizational insight aligns with operational excellence to keep our business thriving and producing imaginative ventures that have to be seen to be believed.
The Venture Operations Team is the internal force that drives us forward, enabling us to build compelling products, services and ventures by building and advising on internal tools and systems for DV and our Ventures.
Together, these one-of-a-kind problem-solvers direct our inner corporate structures with incomparable precision, profound analytic foresight and a deep commitment to world-class business services.
We have entered a decade of disruption of large corporate business models, driven by a step change in the power of technology and the audacity and speed of start-ups. To be fit for and shape the future, we utilize cutting-edge technologies and practices to support our collaboration, our ideation and our innovations.
BCG Digital Ventures is seeking a high-caliber and forward-thinking technology leader, with extensive experience in Compliance, Security, GDPR and IT strategy from the technology/digital product sector. Reporting to the BCG Chief Information Security Officer and the Local DV Engineering Head, the new Director of Security and IT Compliance will be instrumental in defining and guiding our use of technology, establishing security and privacy protocols and managing our IP library. This person will lead and drive our security and compliance agenda globally, covering initiatives within ventures, DV, and internal infrastructure. Innovation and change are hallmarks of our work; the Director of Security and IT Compliance must be able to adjust to innovative Venture needs and a dynamic and growing business.
The responsibilities of the BCG Digital Ventures Director of Security and IT Compliance:
As part of a cross-functional team, the Director of Security and IT Compliance is responsible for conducting risk assessments, security audits, and overall compliance.
·         Understand the business, strategy, and information security requirements, implementing information security standards, conducting system security and vulnerability analyses and risk assessments, recommending secure architecture aligned to business architecture, and identifying/driving remediation of integration issues.
·         Global coordination and alignment with engineering and IT Teams across BCGDV Centers and Labs & BCG
·         Work closely with BCG, Venture, IT and legal teams to improve DV security posture, compliance and risk management.
·         Share best practices in information security between the venture teams and the rest of the DV enterprise.
·         Interacts with stakeholders and possesses the ability to influence direction, articulate risks and sell secure solutions/roadmaps.
·         Document and execute the internal risk analysis process and 3rd party risk process for business partners, affiliates, subsidiaries, and recommend appropriate mitigation to ensure protection of corporate information assets.
·         Provides expert knowledge of information security solutions and applications, as well as good information security methodologies in the software development life cycle.
·         Operate the internal and external security regulatory compliance framework and audit processes (e.g. PCI, HIPAA, SOX, GDPR, GLBA, etc.) and provide metrics to management on a regular basis.
·         Partner with internal and external designers and engineers to ensure security requirements are met for applications, data, infrastructure, and cloud services
·         Assists the enterprise computer incident response team in information security events and incidents affecting the business unit
·         Review contracts to ensure appropriate data safeguards are included.
·         Occasionally travel to other DV locations based internationally

Required Qualifications
·         12+ years of related work experience
·         Experience with PCI compliance and related process and operations
·         Knowledge in developing and maintaining information security policy, standards and guidelines
·         Experience with PII (Personally Identifiable Information) and Data Laws as used in information security and privacy laws
·         Experience with data security, proper policy and governance along with DRP strategies. 
·         Strong written and verbal communications skills with the ability to create and present technical and risk recommendations to business leaders as well as influence and persuade others
·         Conceptual understanding with deep and broad knowledge over multiple security subject areas and applied experience
·         Diverse technical background in Security and Risk Management combined with significant organizational and security industry awareness and knowledge
·         Ability to communicate (written and verbally) highly complex and technical concepts and information risk to a non-technical business audience to aid them in making informed risk decisions.
·         Must have experience managing compliance efforts and experience with business risk management with the ability to communicate the balance between strong security and enabling business.
Preferred Qualifications
·         IT security certifications (CISSP, CISM, CISA, GIAC, CEH or similar)
·         An education level of: BA/BS Degree (4-year) in Information Technology, CS/Engineering, Economics, or Business Preferred
·         Based in Berlin, London or Manhattan Beach (US)