Global Delivery Director - Secure Data at Boston Consulting Group (BCG)

What You'll Do

• The Global Delivery Director - Secure Data is a critical leadership role that enables the secure foundation of BCG’s digital operations globally. By driving scalable, automated, and user-focused security engineering—and by embedding security into modern engineering and operational practices—this role ensures BCG can innovate securely while maintaining trust, compliance, and operational excellence.
• The Global Delivery Director – Secure Data is responsible for leading the design, delivery, and continuous evolution of BCG’s data security strategy and controls. This role ensures that BCG’s most sensitive data is protected globally through secure-by-design engineering, automation at scale, and resilient security platforms. The Director will drive strategic planning, execution, and operations of scalable, automated, and resilient security solutions that safeguard BCG’s global operations and users, while enabling innovation and agility across BCG Core, BCG X, and CT worldwide. This role is accountable for embedding security within DevSecOps practices, applying Site Reliability Engineering (SRE) principles across all security services, and aligning with privacy, compliance, and business leaders to maintain trust and regulatory compliance.

Key Responsibilities:

Strategic Leadership & Transformation:

• Define and execute a unified security engineering strategy that addresses data protection across all environments and data lifecycle stages.
• Lead the design and implementation of scalable, automated solutions that integrate seamlessly into enterprise platforms and user experiences.
• Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response.
• Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations.
• Champion DevSecOps practices to embed security early into development and delivery workflows.

Data Security Engineering:

• Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification.
• Collaborate with the IAM team to align authentication, authorization, and privileged access policies with data security controls.
• Deliver security capabilities that support modern work scenarios, remote access, zero-trust networking, and protection of sensitive data in AI/ML workloads.
• Leverage automation frameworks and IaC to improve scalability and reduce manual intervention.

Operational Security, SRE & Assurance:

• Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness.
• Embed security telemetry and observability to enable proactive threat detection and automated response.
• Apply SRE principles to improve reliability, performance, and maintainability of security services.
• Define service level objectives (SLOs) and key performance indicators (KPIs) for all security services.

Compliance, Governance & Risk Management:

• Ensure alignment with global compliance requirements such as ISO 27001, NIST, SOC 2, GDPR, and others.
• Partner with governance, legal, and ISRM teams to implement enforceable policies and standards across identity, endpoint, and data domains.
• Implement automated compliance controls and continuous assurance checks.
• Lead risk mitigation efforts with technical solutions that scale across diverse user and system profiles.

Financial & Vendor Management:

• Manage security platform budgets and investments with a focus on cost optimization and long-term value.
• Evaluate and manage third-party vendors and partners, ensuring they meet technical, contractual, and security expectations.
• Lead procurement and renewal cycles in alignment with operational and architectural strategies.

Leadership & Talent Development:

• Build and mentor a global team of security engineers, fostering a high-performance, collaborative, and forward-thinking culture.
• Drive internal knowledge sharing and upskilling programs across the team.
• Collaborate cross-functionally with platform, product, and enterprise architecture teams to embed security early and often.

What You'll Bring

Required Qualifications:

• 10+ years of experience in cybersecurity, security engineering, or platform security roles.
• 5+ years in a senior leadership position with accountability for enterprise-scale security platforms.
• Deep expertise in data protection technologies, with proven ability to design and scale global solutions.
• Experience with security engineering in hybrid and cloud-native environments (AWS, Azure, GCP).
• Proven track record in automating security controls, implementing zero-trust models, and supporting 24x7 security operations.
• Strong understanding of compliance frameworks and risk management strategies.
• Demonstrated ability to present complex security topics to executive leadership.

Preferred Qualifications:

• Certifications such as CISSP, CCSP, CISM, AWS/Azure Security Specialty, or equivalent.
• Experience with tools like Symantec DLP, Zscaler CASB, MS Purview, Palo Alto Prisma, Hashi Vault and other modern security platforms.
• Familiarity with DevSecOps principles, Infrastructure as Code, and secure software development practices.