Procurement
Supplier Cyber Risk Specialist
Who You'll Work With
You will join one of our offices in Atlanta, Denver, Miramar, Philadelphia, or Washington DC and be part of the Supplier Risk team within Optimize, McKinsey's global procurement function that enhances and protects the firm's resources and reputation by making responsible buying easy and creating leading solutions and experiences across our supplier ecosyst
The Supplier Risk team leads and oversees the firm's global supplier risk management program. You will report to the Supplier Cyber Risk Manager and work cross-functionally with key stakeholders including Cybersecurity, Risk, Compliance, and IT as you support, shape and deliver on the firm's supplier cybersecurity risk initiatives and strategies.
What You'll Do
You will support the analysis, classification, and response to the supplier cybersecurity risks in the firm's supplier onboarding process and across its supply base. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle by aligning the processes and controls to the relevant frameworks and regulatory and legal compliance requirements. You will also work closely with the Supplier Cyber Risk Manager and collaborate with the One Firm Cybersecurity (OFCS) team to streamline and seamlessly integrate cyber assessments into our supplier onboarding process.
You will help assess and analyze supplier data and cybersecurity risks across our procurement processes. You will track identified cyber risks and events and support reporting on security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will compile data and complete documentation related to supplier cyber risks, as well as ensuring that issues that arise are captured, assessed, and m
Qualifications
Bachelor's/university degree required
3+ years of relevant experience in cybersecurity, information security or related field
Knowledge of third-party risk management and/or procurement processes
Knowledge of cybersecurity policies, standards, and best practices
Experience with information security testing methods, including vulnerability assessments and penetration testing
Technical expertise of common information security controls, guidelines, and standards (e.g., ISO27001, OWASP, SOC 2, NIST)
Experience in change management concepts and procedures
Problem solving and analytical thinking
Experience in working with people to achieve common goals
Excellent communication skills and strong relationship building ability
Project management, organizational and time management skills
Experience in a professional services or consulting environment is a plus
FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.
Certain US states require McKinsey & Company to include a reasonable estimate of the salary range for this role. A reasonable estimate of the range for new joiners for this role in the United States is $124,500 - $171,200. Actual salaries may vary and may be above or below the range based on various factors, including, but not limited to an individual's assigned office location, experience and expertise. Certain roles are also eligible for bonuses, subject to McKinsey's discretion and based on factors such as individual and/or organizational performance.
Additionally, McKinsey offers a comprehensive benefits package, including medical, dental and vision coverage, telemedicine services, life, accident and disability insurance, parental leave and family planning benefits, caregiving resources, a generous retirement program, financial guidance, and paid time off.
FOR NON-U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer. For additional details regarding our global EEO policy and diversity initiatives, please visit our and sites.
Job Skill Group - CSSA
Job Skill Code - SCSP - Sourcing Specialist
Post to LinkedIn - Yes
Posted to LinkedIn Date - Wed Dec 13 00:00:00 GMT 2023
LinkedIn Posting City - Philadelphia
LinkedIn Posting State/Province - New Jersey
LinkedIn Posting Country - United States
LinkedIn Job Title - Supplier Cyber Risk Specialist
LinkedIn Function - Consulting; Information Technology
LinkedIn Industry - Computer & Network Security; Information Technology and Services; Management Consulting
LinkedIn Seniority Level - Mid-Senior level
Equal Opportunity Employment Disclaimer
McKinsey & Company is an equal opportunity employer. We evaluate qualified