What you'd actually do

Pillar Leadership & Strategy: Lead the GRC and technical architecture perspective of the BCG Federal Cybersecurity program, driving strategic alignment between business goals and deep technical security controls

Technical Framework Interpretation: Interpret complex regulatory, federal, and contractual compliance mandates into precise, actionable technical architectures and engineering designs for application, network, and cloud environments

Enterprise Risk Management: Manage the enterprise security risk register for technical risks. Review, approve, and document sophisticated technical security exceptions and alternative compensating controls to enable business continuity while protecting BCG Federal assets.

Cloud & Platform Hardening: Oversee and approve the design, implementation, and security configuration of Azure Government Community Cloud (GCC) High and AWS Gov environments

AI & Emerging Tech Security: Lead the technical security assessment, architectural standards, and threat modeling of Artificial Intelligence (AI) and Generative AI (GenAI) capabilities, developing robust mitigation strategies to safeguard federal and corporate data across compliant cloud and enterprise environments

Skills

Required

Minimum of 8–10+ years of information security experience, with a proven track record of leading technical architecture, cloud native security engineering, and technical GRC initiatives
Subject matter expertise in federal security compliance frameworks, specifically NIST SP 800-171, NIST SP 800-53, CMMC, and DFARS 7012
In-depth engineering familiarity with secure CI/CD pipelines, automated scanning configurations (SAST/DAST), threat modeling, and Azure/AWS cloud infrastructures
Ability to obtain and maintain a US Government Secret Clearance

Nice to have

Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent industry credentials

Locations: Boston | Atlanta | Washington

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

BCG Federal is a US federally compliant operating environment at BCG. The Cybersecurity Architecture & Governance Director will lead the technical core of the cybersecurity program, integrating advanced cybersecurity architecture, technical risk management and regulatory compliance execution.

In this role, you will be the serve as the lead technical authority on designing and validating technical security systems to protect company assets in strict compliance with US Government security requirements (including NIST SP 800-171, NIST SP 800-53, FedRAMP, and CMMC). You will lead a team of high-performing engineering and technical GRC professionals, managing technical risk profiles, setting cloud hardening standards, and establishing security guardrails for emerging AI capabilities.

WHAT YOU WILL DO

The Cybersecurity Architecture & Governance Director is good at:
Interacting with stakeholders and possessing the ability to influence direction, articulate risks and sell secure solutions/roadmaps
Pillar Leadership & Strategy: Lead the GRC and technical architecture perspective of the BCG Federal Cybersecurity program, driving strategic alignment between business goals and deep technical security controls
Technical Framework Interpretation: Interpret complex regulatory, federal, and contractual compliance mandates into precise, actionable technical architectures and engineering designs for application, network, and cloud environments
Enterprise Risk Management: Manage the enterprise security risk register for technical risks. Review, approve, and document sophisticated technical security exceptions and alternative compensating controls to enable business continuity while protecting BCG Federal assets.
Cloud & Platform Hardening: Oversee and approve the design, implementation, and security configuration of Azure Government Community Cloud (GCC) High and AWS Gov environments
AI & Emerging Tech Security: Lead the technical security assessment, architectural standards, and threat modeling of Artificial Intelligence (AI) and Generative AI (GenAI) capabilities, developing robust mitigation strategies to safeguard federal and corporate data across compliant cloud and enterprise environments
Secure DevSecOps & SDLC: Direct the integration of automated security testing, software configuration monitoring, and Infrastructure-as-Code (IaC) security practices throughout software and model development lifecycles
Cross-Functional Advisory: Provide expert technical security advisory and guidance to product developers, cloud infrastructure engineers, and senior business executives across BCG Federal

YOU’RE GOOD AT

Translating business strategies and complex regulatory rules into secure, scalable enterprise security solutions
Communicating and articulating sophisticated technical risks to executive and non-technical stakeholders, while influencing cross-functional teams to adopt secure architectural roadmaps
Leading the development of innovative, risk-based engineering mitigations to allow business operations to continue safely during active remediation cycles
Conducting systemic enterprise technical risk reviews on vendor software, cloud platforms, and third-party tools to ensure compliance with federal security and data protection requirements
Building and fostering a controls-focused security culture through strong technical leadership, mentorship, and managing a technical team to deliver complex architecture Initiatives
Building strong cross-functional partnerships across Federal IT, BCG cloud engineering, enterprise security, legal/compliance, and client delivery teams to drive aligned, secure and compliant technology solutions.

What You'll Bring

Experience: Minimum of 8–10+ years of information security experience, with a proven track record of leading technical architecture, cloud native security engineering, and technical GRC initiatives
Framework Mastery: Subject matter expertise in federal security compliance frameworks, specifically NIST SP 800-171, NIST SP 800-53, CMMC, and DFARS 7012
Technical Acumen: In-depth engineering familiarity with secure CI/CD pipelines, automated scanning configurations (SAST/DAST), threat modeling, and Azure/AWS cloud infrastructures
Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent industry credentials
Clearance: Ability to obtain and maintain a US Government Secret Clearance

Who You'll Work With

You will operate in a fast-paced, intellectually intense, service-oriented environment, interpreting complex regulatory and security requirements in keeping with BCG’s values and business needs. You will collaborate closely with internal IT, security and business teams, as well as consultants delivering strategy and technology solutions to our clients. You will partner with application developers and data analysts to enable secure-by-design tooling and platforms supporting our consultants. You will be an integral member of the BCG Information Security Risk Management team, in delivering the cybersecurity security program across BCG Federal and the broader enterprise.

Additional info

In the US, we have a compensation transparency approach.

Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.

The base salary range for this role begins at $173,000 in our lowest cost US region and goes up to $199,700 in our highest cost US region. Your recruiting contact can share more about the specific salary range for your preferred location during the hiring process.

This is an estimated range, however, specific base salaries within the range depend on various factors such as experience and skill set. It is not common for new BCG employees to be hired at the high-end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.

In addition to your base salary, your total compensation will include a bonus of up to 30%% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.

All of our plans provide best in class coverage:

Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
Dental coverage, including up to $5,000 in orthodontia benefits
Vision insurance with coverage for both glasses and contact lenses annually
Reimbursement for gym memberships and other fitness activities
Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
Paid sick time on an as needed basis

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E - Verify Employer. Click here for more information on E-Verify.