Procurement Third Party Risk Manager, Cyber Job ID: 94044

Do you want to work on complex and pressing challenges-the kind that bring together curious, ambitious, and determined leaders who strive to become better every day? If this sounds like you, you've come to the right place. Your Impact

In this role, you will be responsible for mitigating supplier cybersecurity risks in the firm's supplier onboarding process and across its supply base.

You will lead strategy development and program execution of the next generation of cyber supplier risk management program. This will include designing a risk-based cyber diligence methodology, evaluation framework, ongoing monitoring, issue management and related risk artifacts. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle, while being able to balance cybersecurity requirements with supplier risk and business objectives. You will deliver on and represent Optimize supplier cybersecurity priorities across the firm.

You will assess and analyze supplier data and cybersecurity risks across our procurement processes. You will report on clear program metrics including security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will proactively identify risk areas and opportunities and collaborate with cross functional teams to problem solve viable solutions. You will gain alignment and lead/support the implementation of agreed recommendations on behalf of the procurement team.

You will foster and champion a "risk first" culture and create awareness across the firm on supplier cybersecurity risk topics. You will build rapport and develop trust-based relationships with key stakeholders and other risk teams that work on supplier and cybersecurity issues. You will be a subject matter expert and advise colleagues on cyber risk topics as they relate to supplier and procurement processes.

Your Growth

You will be part of Optimize, McKinsey's global procurement capability, enhancing and protecting the firm's resources and reputation by making responsible buying easy and creating leading solutions and experiences across our supplier ecosystem.

We are hiring for a Manager within the Cyber & Data Risk pillar of Optimize's Supplier Risk & Social Responsibility team. This team leads and oversees the firm's global supplier risk management program across risk domains. You will report to the Director of Supplier Risk Strategy and work cross-functionally with key stakeholders including Cybersecurity, Cyber Legal and Compliance as you support, shape and deliver on the firm's supplier cybersecurity risk initiatives and strategies. You will be based out of the Philadelphia, Washington DC, Atlanta, Denver, Miramar, or Tampa offices. Your qualifications and skills

Bachelor's/university degree required 7+ years of relevant experience in cybersecurity Deep knowledge of cybersecurity policies, standards and best practices Experience in third party risk from both a strategic and operational perspective Understanding of cybersecurity diligence methods, including vulnerability assessments and penetration testing Technical understanding of the cybersecurity landscape and working knowledge of common information security controls, guidelines and standards (e.g., ISO27001, OWASP, SOC 2, NIST) Must be comfortable with ambiguity; demonstrate strong problem solving and creative thinking skills; must be able to work under pressure and tight deadlines Ability to interact and influence at all levels of management across functions Project and process management skills, with expertise prioritizing and managing multiple projects/tasks simultaneously Demonstrated experience in developing documents and presenting complex information to colleagues at all levels Global experience in a professional services or consulting environment a plus

Please review the additional requirements regarding essential job functions of McKinsey colleagues.

Apply Now Apply Later

FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law. Certain US jurisdictions require McKinsey & Company to include a reasonable estimate of the salary for this role. For new joiners for this role in the United States, including all office locations where the job may be performed, a reasonable estimated range is $159,200 - $212,100 USD -to help you understand what you can expect. This reflects our best estimate of the lowest to highest [salary/hourly wages] for this role at the time of this posting, ensuring you have a clear picture right from the start, though it's important to remember that actual salaries may vary. Factors like your office location, your unique blend of experience and skills, start date and our current organizational needs all play a part in determining the final figure. Certain roles are also eligible for bonuses, subject to McKinsey's discretion