Bain & Company Inc

Analyst, TSG Information Security, Risk and Compliance (Delhi)

Job Location IN-New Delhi
Job ID
Posted Date
Hidden (8730)
Regular Full-Time

Company Overview

Bain is one of the world's top management consulting firms. Founded in 1973, Bain has 59 offices in 37 countries. We have developed a track record of delivering results through tailored, pragmatic, actionable solutions for our clients. Bain has worked with thousands of major multinational organizations from every economic sector, in every region of the world. We are as committed to our employees and our communities as we are to our clients, and have been consistently recognized as a best place to work by Glassdoor, Vault, Fortune, Ecovadis, Working Mother, the Corporate Equality Index, and others. Our 10-year commitment to invest over $1 billion in pro bono services brings our talent, expertise and insight to organizations tackling today’s urgent challenges in education, racial and social equity, economic development and the environment.


Department Overview

Bain’s Information Security team is a global team of cybersecurity professionals who are working to protect Bain’s and our clients’ critical information assets. Our mission is to assess risks to critical areas and any cyber threats to provide continuous guidance and improved information security standards to all facets of Bain’s business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (the C-I-A Principles) of our work for our clients.


Position Summary

As part of Bain’s Global Information Security Risk & Compliance team, this position will provide knowledge and support around Bain’s Information Security program, which includes responding to client inquiries, reviewing contracts for security requirements, risk management activities, and compliance management. The primary responsibilities of the Information Security Risk and Compliance Analyst will be to work as an individual contributor within a team of information security risk and compliance professionals and demonstrate expertise in the following duties as appropriate:

Essential Functions


Client Assurance

  • Execute tasks associated with complex client inquiries, client security contracts/addendums, audits, and assessments as required for client contractual, regulatory and compliance obligations. Provide in-depth recommendations to resolve issues.
  • Provide approved responses to client inquiries and maintain library of records, documentation, and responses
  • Represent the Information Security Risk & Compliance team on input to contract requirements relating to information technology and security controls
  • Assess and recommend policies, standards, procedures, controls, and security solutions to assure the confidentiality, integrity, and availability of the information technology environment
  • Assist with tasks to remediate identified risks and vulnerabilities; identify those within the organization responsible for remediation tasks and negotiate dates for remediation to be complete; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to all constituents


Third Party Risk Management

  • Under limited supervision and general direction, evaluate and report on the effectiveness of security and compliance controls, as well as risk mitigation strategies in IT and business environments of third-party providers
  • Collaborate with multiple internal business and procurement teams, to identify, address, and communicate inherent and residual third-party risks


Leadership & Communications

  • Effectively communicate technical issues to diverse audiences

  • Bachelor's degree in MIS, Computer Science, Business or equivalent work experience in a technology role
  • 5-7 years of experience with information technology audits and assessments
  • Experience with cyber security and risk management standards such as the ISO 27000 series, NIST RMF and CSF, Cloud Security Alliance (CSA) and CIS Top 20
  • Basic understanding of regulatory and data privacy concerns globally
  • Industry-accepted security certifications are a plus, but not a requirement (e.g. GRCP, CISA, CRISC etc.)
  • Privacy related certifications are beneficial: CIPP, CIPT, CPDSE
  • Knowledge of information security technologies (e.g. access controls, data loss prevention, penetration testing, risk and vulnerability assessment, identity & access management).
  • Experience managing communication to clients in relation to the information security governance program.
  • Demonstrated experience managing IT security risk in both on-premises and cloud (IaaS, PaaS, SaaS) environments
  • Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
  • Coordinate the implementation of process improvements, and manage escalations, issues or high-priority tasks
  • Attention to detail and aptitude for analytical problem resolution
  • Ability to work independently and with cross-functional teams on complex problems
  • High performance and standards as demonstrated by academic or previous job experience

