The Director, TSG Information Security, Cyber Threat Management is a position within Bain’s Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization. In this role, the Director understands how security measures align with the overall organizational strategy and will begin to organize and lead in the development and implementation of security controls that adhere to regulatory requirements and best practices. The Director combines a strong level of technical and managerial skills and business alignment to build and guide a growing team and resources across a spectrum of capabilities. The position primarily focuses on the efficient, effective and reliable resolution of Bain’s defensive strategy as well as focuses on improving our offensive strategy to help the company meet its overall business objectives. The position therefore must have the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management. These measures require taking a leadership position in coordinating activities across the team working with Technical, IT and Cybersecurity leadership. The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence gather and Pro-Active Security probing capabilities (Red/Blue/Purple teaming & Penetration Testing).

Principal Accountabilities

Monitoring & Detection

• Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events.
• Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks.
• Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, or next gen/advanced threat detection solutions.
• Partner with organizations and vendors to identify and integrate new data sources.

Incident Response & Analysis

• Oversee the ongoing management and evolution of security runbooks and champion for ongoing automation or AI/ML based technologies to increase speed/efficiency.
• Strengthen Bain’s capability in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures.
• Provide strong and clear communications on cyber events and situations with sr. leadership.
• Ensure alignment in security policies and practices adhere to industry standards and compliance requirements and oversee the validation of the controls.
• Serve as a subject matter expert in security discussions and decision-making and enable and grow team members skills and experience.
• Work with the primary goal of building efficiencies in Cyber Threat Management responses and driving down MTTR and reducing overall risk.

Threat Intelligence

• Enable a threat intelligence capability, including open-source intelligences (OSINT), dark web forums, and industry reports to drive awareness and improvement in our defensive posture.
• Utilize threat intelligence platforms and tools to aggregate and correlate threat data.
• Drive coordination with intelligence and incident response teams to investigate and analyze security incidents.
• Develop and refine threat intelligence methodologies and tools.
• Stay current with industry best practices and new methodologies to enhance the teams capabilities.

Vulnerability Management & Threat Exposure Management

• Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain. Serve as a subject matter expert in security discussions and decision-making.
• Build processes to enable regular vulnerability scans on the organization’s network, applications, and systems using industry-standard tools

Pro- Active Security Testing

• Experience implementing and operationalizing vulnerability management tools, processes, and best practices.
• Oversee the classification and prioritization of vulnerabilities based on risk and potential impact.
• Stay informed about emerging trends and technologies in cybersecurity.
• Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.

Pro- Active/Enhanced Security Testing

• Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities.
• Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing.
• Analyze and interpret results to identify potential risk as well as evaluate potential impact.
• Red Team, Blue Team, Purple team exercise leadership experience.

Professional Development and Innovation

• Stay informed about emerging trends and technologies in cybersecurity.
• Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture.
• Explore Professional Certifications and work with leadership to plan trainings.

Knowledge, Skills, And Abilities

Security Monitoring & Incident Detection and Response

• Strong knowledge of Splunk (or other SIEM tools),CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, Other AV/EDR tool configuration, Cyberhaven (or other DLP tools)
• Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, Vendor technical Risk Scoring tools, Deception technologies
• Knowledge of ticketing, triage and forensics capabilities and toolsets

General Skills

• Great communication skills, with the ability to document and explain technical information clearly.
• Analytical mindset, with a focus on learning and problem-solving.
• Ability to work independently and well in a team, showing strong interpersonal skills.
• Eagerness to learn and adapt to new challenges in cybersecurity.
• Entrepreneurial spirit, open to trying new approaches and learning from them.

Team Management

• Drive and expand the training and professional development of Security Operations staff.

Qualification And Experience

• Bachelor’s degree in a related field (e.g., Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience
• 10-15 years of relevant experience
• Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.)
• Experience with common information security controls frameworks (i.e. ISO, NIST, CIS, or CSA)
• Global company or equivalent
• Experience deploying systems or applications
• Ability to work independently and with teams on complex problems
• Complex problem solving
• Ability to work in a fast paced, dynamic environment.