MCPNew: now works with Claude & AI assistants
keystone

keystone

Global Cybersecurity Senior Manager

Company

keystone

Role

Global Cybersecurity Senior Manager

Location

Atlanta, Georgia, United States of America

Job type

-

Found on Mokaru

🔥Recently

Share this job

Salary

$144k - $176k/yearly

Job description

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

As the Global Cybersecurity Senior Manager for Attack Surface Management, you will lead BCG's enterprise Attack Surface Management service, transforming technical security findings into prioritized risk decisions and measurable remediation outcomes. Working across infrastructure, cloud, network, and identity security domains, you will provide continuous visibility into enterprise cyber exposure while enabling technology teams to reduce organizational risk through effective remediation.

You will serve as an enterprise subject matter expert for Attack Surface Management within Information Security Risk Management (ISRM). By partnering across Security Operations, Infrastructure, Cloud, Identity, Network, and Governance, Risk, and Compliance (GRC) teams, you will drive consistent risk prioritization, improve operational processes, and deliver executive-level reporting that strengthens BCG's cybersecurity posture.

Your responsibilities will include

  • Triage Attack Surface Findings (Heart of the Role)
  • Review misconfigurations and vulnerabilities surfaced across scanning platforms covering:
  • Infrastructure and endpoint exposure
  • Cloud misconfigurations and workload risk
  • Network vulnerabilities and segmentation gaps
  • Identity and privilege-related exposures
  • Leverage AI-powered vulnerability assessment tools to continuously scan, correlate, and surface high-priority findings across domains at scale
  • Classify findings by:
  • Criticality per BCG risk index
  • Acceptable vs. contextual risk vs. noise
  • Use AI-assisted triaging workflows to accelerate initial classification, pattern detection, and anomaly identification across large volumes of findings
  • Remove false positives using business context and asset criticality scoring, augmented by AI-driven noise reduction and contextual filtering
  • Prioritise remediation based on severity, exploitability, blast radius, and business alignment
  • Interpret & Contextualise Attack Surface Risk
  • Determine the business impact of open findings including:
  • Unpatched critical vulnerabilities
  • Exposed assets and services
  • Misconfigured cloud and network controls
  • Privilege escalation pathways
  • Map findings to real attack paths and regulatory requirements
  • Apply AI-generated risk scoring and attack path simulation to enrich contextualisation and identify non-obvious exposure chains
  • Translate technical findings into plain-English risk narratives for both technical teams and executive stakeholders including CISO, CIO, CTO, and CRO
  • Leverage AI-assisted reporting to generate structured, executive-ready risk summaries and trend analyses, reducing manual reporting effort and improving consistency
  • Drive Remediation Outcomes
  • Recommend specific actions such as:
  • Patch prioritisation and deployment
  • Misconfiguration remediation
  • Asset hardening and configuration baseline enforcement
  • Policy or process refinement
  • Utilise AI-driven prioritisation models to rank remediation actions by predicted impact, exploitability likelihood, and asset criticality
  • Partner with Infrastructure, Cloud, Network, Identity, and GRC teams to drive remediation to closure
  • Track findings through resolution and validate measurable reduction in attack surface exposure
  • Build Repeatable Playbooks
  • Develop playbooks for:
  • Critical vulnerability triage and escalation
  • Cloud misconfiguration remediation
  • Network exposure management
  • Identity and privilege-related attack surface risks
  • Embed AI-assisted triage and classification steps within playbooks to enable faster, more consistent execution across teams
  • Define:
  • Severity thresholds and risk scoring criteria
  • Escalation criteria and ownership assignment
  • SLA expectations for remediation by risk tier
  • Tune scanning tool policies to reduce noise and improve signal quality across Tenable, Wiz, and Microsoft Defender for Endpoint, incorporating AI-based tuning recommendations where available
  • Serve as the Internal Attack Surface Management Expert
  • Be one of the go-to subject matter experts on Attack Surface Management for the Cybersecurity team
  • Help teams understand dashboards, risk trends, and exposure reports from scanning platforms, including AI-generated insights and predictive risk indicators
  • Champion the adoption of AI-led vulnerability assessment and reporting capabilities across ISRM and partner teams
  • Support audit and compliance inquiries with evidence-based risk documentation, leveraging AI-generated audit trails and reporting outputs where applicable

Success in this role will be measured through

  • Consistent reduction in critical and high-risk vulnerabilities across the enterprise.
  • Improved time-to-triage for vulnerabilities across infrastructure, cloud, network, and identity domains.
  • Increased percentage of findings with documented business justification or active remediation plans.
  • Demonstrable reduction in enterprise attack surface exposure.
  • Increased executive confidence in cybersecurity risk reporting and remediation effectiveness.

What You'll Bring

Must-Have

  • 8+ years in cybersecurity, with at least 3 years focused on attack surface management, vulnerability management, or exposure management
  • Strong understanding of:
  • Vulnerability lifecycle and risk-based prioritisation
  • Misconfiguration risks across cloud, network, and infrastructure environments
  • Identity and privilege-related attack surface exposure
  • Hands-on experience with tools such as Tenable, Wiz, and Microsoft Defender for Endpoint
  • Ability to analyse complex, multi-domain risk landscapes and communicate clearly to executive stakeholders
  • Proven experience leading security teams and driving cross-functional remediation programmes

Nice-to-Have

  • Experience with CVSS scoring, EPSS, and threat intelligence integration into prioritisation workflows
  • Familiarity with cloud IAM and identity security (Entra ID, Okta, AWS IAM)
  • Exposure to Zero Trust frameworks and principles
  • Familiarity with ServiceNow or Jira for vulnerability tracking and remediation workflows
  • Professional certifications such as CISSP, CISM, CEH, or equivalent.

Who You'll Work With

You will join the Information Security Risk Management (ISRM) organization within Security Operations and collaborate with cybersecurity professionals responsible for protecting BCG's global technology environment.

Working closely with Infrastructure, Cloud, Network, Identity, Endpoint Security, and Governance, Risk, and Compliance teams, you will help prioritize enterprise cyber risk, improve remediation effectiveness, and strengthen the firm's overall security posture. You will also partner with senior technology and security leaders to provide actionable insights that support strategic cybersecurity decision-making.

Additional info

  • ** For US locations only ***

In the US, we have a compensation transparency approach.

Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.

The base salary range for this role in Atlanta is $144,000.00 -$176,000.00.

This is an estimated range, however, specific base salaries within the range depend on various factors such as experience and skill set. It is not common for new BCG employees to be hired at the high-end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.

In addition to your base salary, your total compensation will include a bonus of up to 20% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.

All of our plans provide best in class coverage

  • Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
  • Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
  • Dental coverage, including up to $5,000 in orthodontia benefits
  • Vision insurance with coverage for both glasses and contact lenses annually
  • Reimbursement for gym memberships and other fitness activities
  • Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
  • Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
  • Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
  • Paid sick time on an as needed basis

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.

BCG is an E - Verify Employer. Click here for more information on E-Verify.

Resume ExampleCover Letter Example

Explore more