Mckinsey Careers – Senior Manager, Cyber Security

McKinsey & Company


  • Bachelor’s in information security, computer science or equivalent military or professional experience
  • 7+ years of relevant information security experience, ideally in a regulated industry
  • 3-5 years of experience in a similar information security role
  • Holds a CISSP, CISA, CIPP or other security/privacy related certifications
  • Technical understanding of a range cloud-based architectures and technologies such as virtualized infrastructure, Hadoop, containerization, and infrastructure as code
  • Strong knowledge of common information security controls, guidelines and standards such as HITRUST, ISO27001, SOC 2, and NIST CSF
  • Experience of conducting risk assessments threat modeling and information security reviews and audits
  • Project and process management skills including the ability to balance multiple initiatives with demanding deadlines
  • Knowledge of privacy and data protection regulations (e.g., GDPR, CCPA, HIPAA)
  • Knowledge of secure software development lifecycle (OWASP) and DevSecOps is a plus
  • Experience with security technologies and tooling (e.g., vulnerability scanners, firewalls, identity management, security information and event management, IDS/IPS)

What You’ll Do

You will work directly with practice teams and leadership on a range of information security, data protection, governance, risk and compliance activities including client assurance, policy compliance, vulnerability management, risk assessments and incident response.

Supporting SHaPE full-time as part of the Firm’s cybersecurity team, you will be responsible for implementing an information security program that meets both McKinsey policies and standards, the needs of our certification program (e.g., HITRUST, SOC2, ISO27001) as well as the expectations of our clients. You will be responsible for operating and continually improving existing information security processes as well as the development of new processes in response to evolving threats and business opportunities.

You will be working with SHaPE product and engineering teams, you will help continually improve the security posture of our analytics platform, client-facing applications, and data handling processes by ensuring risks are identified and appropriately mitigated.

Who You’ll Work With

You will be based in our Atlanta, Waltham or Dallas office as a member of the Social, Healthcare and Public Entities practice.

The Social, Healthcare and Public Entities (SHaPE) practice is one of 10 industry practices within the Firm and has a mission of measurably improving individuals’ lives, livelihoods and health and creating safer and more just communities around the world. SHaPE serves governments, donors, healthcare payors/providers and non-governmental organizations on topics including health, public finance, education, defense, economic development and beyond.

This role will focus on cybersecurity and data risk associated with SHaPE client engagements (e.g., big data analytics). Our capabilities are foundational to multiple high-profile initiatives and have been core to the practice in delivering organization wide transformation programs for clients. The SHaPE security team works closely with our business leadership, product and engineering teams, and the McKinsey Security Centers of Excellence to ensure we protect our clients’ most sensitive data while enabling us to drive positive change.

To apply for this job email your details to

Job Details:

Company: McKinsey & Company

Vacancy Type: Full Time

Job Location: Waltham, MA

Application Deadline: N/A