General Information

Job Title
Analyst - Information Security, Risk and Compliance
Job ID
Technology & Engineering
Employment Type
Permanent Full-Time

Description & Requirements

Company Overview

Bain is one of the world's top management consulting firms. Founded in 1973, Bain has 59 offices in 37 countries. We have developed a track record of delivering results through tailored, pragmatic, actionable solutions for our clients. Bain has worked with thousands of major multinational organizations from every economic sector, in every region of the world. We are as committed to our employees and our communities as we are to our clients, and have been consistently recognized as a best place to work by Glassdoor, Vault, Fortune, Ecovadis, Working Mother, the Corporate Equality Index, and others. Our 10-year commitment to invest over $1 billion in pro bono services brings our talent, expertise and insight to organizations tackling today’s urgent challenges in education, racial and social equity, economic development and the environment.

Department Overview

Bain’s Information Security team is a global team of cybersecurity professionals working to protect Bain’s and our clients’ critical information assets. Our mission is to assess risks to critical areas and any cyber threats in order to provide continuous guidance and improved information security standards to all facets of Bain’s business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (the C-I-A principles) of our work for our clients.

Position Summary

As part of Bain’s Global Information Security Risk & Compliance team, this position is responsible for applying and supporting the Third Party Risk Management program’s strategic vision in the execution of day-to-day functions. This program ensures that third parties (including, but not limited to, new and existing vendors and strategic partnerships) meet the security, compliance, and reporting guidelines established by Bain & Company.

Essential Functions

• Under limited supervision and general direction, evaluate and report on the effectiveness of security and compliance controls, as well as risk mitigation strategies, in the IT and business environments of third-party providers.
• Assist in defining, developing, and implementing third party risk assessment program processes in accordance with the defined risk appetite.
• Identify and support opportunities for improving third party risk posture and processes, including expanded monitoring, KRI tracking, etc., by applying knowledge of security, regulatory, and third party risk lifecycle frameworks.
• Assist with and/or lead various third party risk management or vendor implementation and support program initiatives, working closely with management, peers and other internal teams.
• Support team and stakeholder education and awareness by developing training materials, facilitating training, providing guidance, and sharing best practices. Serve as subject matter expert for escalated or complex matters and perform quality assurance review of team member assessments as needed.
• Review existing and new contracts with third parties to ensure Bain & Company’s security, compliance or governance-related requirements are being met.
• Collaborate with multiple internal business and procurement teams to identify, address, and communicate inherent and residual third-party risks.
• Effectively communicate technical issues to diverse audiences.
• Effectively communicate and coordinate the planning, preparation, execution, review and remediation phases of third party assessment activities.

• Bachelor's degree in MIS, Computer Science, Business or equivalent work experience in a technology role
• 5+ years of experience in Third Party Management, Business Analyst experience, IT Risk, Audit, Information Security or Assurance, and/or strong audit/technical evaluation experience with various types of systems and networks, preferably in a relevant line of business
• Experience managing complex and dynamic third-party relationships
• Experience with cyber security and risk management standards such as the ISO 27000 series, NIST 800 Series & CSF, Cloud Security Alliance (CSA) and CIS Top 20
• Basic understanding of regulatory and data privacy concerns globally
• Professional information security certification (e.g., Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Third Party Risk Professional (CTPRP)) - preferred
• Experience using a GRC platform (OneTrust) - preferred