Risk Manager

Job Description

Who You'll Work With

You will be based in Atlanta, Chicago, New York, Seattle, or Waltham and will be a member of the McKinsey Digital’s CORE (Center of Risk Excellence) team. This group provides comprehensive, integrated risk management services across McKinsey Digital’s services in a dynamic and fast-paced environment.

You will be an expert in technology, information security, privacy, data governance and compliance in our growing risk program which focuses on guiding McKinsey Digital practitioners on a broad range of risk topics thus enabling them to deliver unrivaled client impact. You will report to our Global Director of Operations for McKinsey Digital, with a dotted line to our Global Managing Counsel, McKinsey Digital.

When you join McKinsey as a risk manager, you will join a firm that will challenge you and invest heavily in your professional development. In this role, you will have the opportunity to work in a team that enables our firm to help the best organizations in the world – across the private, public, and social sectors – solve some of their most difficult problems. You will also work with a broad range of experts, from data scientists to researchers to software and app designers. As part of this CORE team, you will work closely with your fellow members to help our clients deliver breakthrough products, experiences, and businesses, both on technology and non-technology topics. You will work with various industries including everything from IT modernization and strategy, to Agile, cloud, cybersecurity, and digital transformation. In addition, McKinsey Digital is a fast moving growth area for McKinsey, and your role will have increasing responsibility and visibility.

What You'll Do

You will deliver expert risk advice and guidance on the firm’s most cutting-edge work while building and shaping a world-class risk management program. In this role, you will guide McKinsey Digital colleagues on a broad range of risk matters, particularly focusing on technology, information security, privacy (i.e., GDPR, CCPA), and AI/ML. You will also execute risk assessments of new consulting projects and help the teams implement appropriate risk mitigation. Furthermore, you will closely collaborate with Legal, InfoSec, Privacy and other risk-focused McKinsey teams and stakeholders to deliver impactful and holistic guidance, requiring timely analysis, detailed documentation and strategic escalation of risk matters to leadership. In addition, you will monitor the external landscape, examining and interpreting industry and regulatory trends, and communicating relevant updates to the team.You will develop program resources by documenting key processes, creating resources and drafting awareness materials to enable an efficient and overall positive CORE experience for colleagues. On top of that, you will deliver leadership updates and contributing to program, enterprise and policy guidance.In driving digital protocols and knowledge, you will help develop and implement best practices for operational risk including requirements related to software delivery (including OSS and SaaS), AI/ML, privacy, cloud services, data security, intellectual property rights and IoT. Over time, you will help in developing risk-themed guidance protocols and playbooks, as well as delivering training and awareness presentations.You will drive program development and management initiatives as well as leading other special projects, initiatives and matters as necessary. Finally, you will partner closely with team colleagues to define, build and deliver timely, impactful and actionable program reporting to program stakeholders and leadership.

Qualifications

• Bachelor's degree; Graduate degree in a risk-related field a plus
• 7-10 years of professional experience in a risk-related field
• Progressive and sustained accomplishments in a professional-service industry (i.e., management consulting)
• Possession of or commitment to the pursuit of industry certifications – e.g., CIPP, CRISC, CISSP, CISM, CGEIT, GIAC
• Working knowledge of industry and regulatory frameworks and guidance – e.g., GDPR, HIPAA, ISO27001, GAPP, NIST
• Demonstrated track record of success in domains of law, InfoSec, privacy, audit and/or compliance
• Excellent analytical, problem solving, and organizational skills with keen attention to detail
• Exemplary ability to cultivate trust-based relationships
• Experience working in areas of data processing, cloud computing and software development /delivery
• Experience managing large, complex and multi-disciplinary programs
• Outstanding English written and verbal communication skills
• Flexibility for moderate travel and some work outside of standard office hours