• Support and continuously improve the ISMS, including compliance activities, audit preparation, evidence collection, risk tracking, and remediation follow-up. • Translate security and compliance requirements into practical technical controls and verify their effectiveness. • Implement and operate core security controls in the Microsoft / Entra environment, including MFA, Conditional Access, role-based access, privileged access practices, access reviews, endpoint security, and hardening. • Coordinate operational security activities such as Cyber Defence Center investigations, vulnerability and patch management, incident response, backup/restore security, ransomware resilience, and restore-test evidence. • Integrate security into IT operations, change/release processes, and service management, and report the security posture using relevant KPIs such as MFA coverage, device compliance, patch status, critical risks, and restore-test success.

Role Description As Global IT Senior Infrastructure Developer, you will be responsible for development and technical support of BCG's new GenAI case team assistant. You will work with a team of internal and external developers, product owners, solution architects, and scrum masters to deliver on the roadmap. You will be expected to be hands-on with the latest development technologies and bring innovative ways to execute faster delivery for global BCG users. Therefore, a commitment to collaborative problem solving, sophisticated development practices, and the creation of quality products are essential. Qualifications - BTech/MCA with 5+ years of experience in the development of business applications in a commercial IT setting, or in consulting Requirements - Participate in Agile ceremonies to deliver on the squad mission - Create technical design for using design guardrails and business needs - Security best practices in cloud environments - Monitoring and logging to analyze & track resource utilization, application performance, and identify potential issues (Grafana, Prometheus, Loki or ELK) - Having knowledge of DevSecOps & DevOps - Strong Python experience including async programming - Troubleshoot reported production tickets and provide timely analysis and resolution - Stay abreast of development tools, trends and practices, and act as an advocate and promoter for items that should be considered for future initiatives - Keeping Technical Debt to the bare minimum - Excellent communication skills and the ability to communicate with product owners/business analysts/solution architects and understand requirements carefully and execute Company Description Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

Role Description The Entra Identity and Access Management (IAM) Engineer will provide services to assist and support the organizations in architecting, designing and implementing identity and access management solutions and guide the other operations team in managing the identity life cycle. - Develop, implement and monitor strategic, comprehensive enterprise IAM frameworks, guidelines and best practices with focus on ensuring that the integrity, confidentiality and availability of information is managed and controlled. - Lead the IAM projects and design activities to respond to complex requirements focused on cybersecurity. - Liaise with the business teams, application teams, IT operations teams and cyber security teams for developing, designing and implementing IAM solutions. - Work and troubleshoot complex IAM integration issues with identity repositories (LDAP, Active Directory, etc.). - Design and Implementation of Role Based Access Controls, Multi-Factor authentication, Conditional access, MFA and adaptive IAM based on organization requirements using risk based approach. - Develop a reporting mechanism based on metrics to monitor progress, to measure efficiency and effectiveness of systems/framework, and to facilitate resource allocation. - Provide regular reporting on the current status of the information security systems/frameworks to senior management and business unit heads as part of a strategic enterprise risk management program. - Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals, focused for IAM service. - Coordinate the development of implementation plans and procedures to ensure that business‐critical services are recovered in case of a security event. - Provide direction, support and in‐house consulting in these areas. - Keep up to date with security issues and best practices related to risk management. - Monitor emerging threats trends, and advise relevant stakeholders on the appropriate courses of action. - Perform other related duties and fulfill responsibilities as required. Qualifications - Five years experience in two or more of the following areas: - Enterprise Identity and access management - Cloud based identity federation and integration with complex custom applications - IAM governance and risk management - IAM consulting engagements - Strong understanding of the various Identity and Access Management platforms including OIM, Okta, Azure Identity Management, AWS IAM, etc. - Strong understanding with Federation Protocols (Oauth, SAML, OpenID), and Single Sign On (SSO) models. - Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control. - Strong analytical and problem-solving skills. - Ability to act calmly and competently in high-pressure, high-stress situations. - Excellent written and verbal communication skills, interpersonal and collaborative skills. - IAM certification from Microsoft, Oracle, Okta, Azure, AWS or Google. Requirements - Project management skills and ability to manage multiple projects under strict timelines. - Experience with security incident response and management process. - At least one professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials. Benefits - This position offers a comprehensive benefits package including medical, dental, and vision insurance. - A 401(k) with company match. - Paid time off. - Parental leave.

Role Description Success in this role will require hands-on expertise implementing and optimizing AI solutions, a working knowledge of cybersecurity principles and best practices, experience working with data and APIs, and an ability to articulate impact and risk by tracking and reporting key cybersecurity metrics. NRG is looking for self-driven, high-caliber individuals who can grasp complex business and technical issues and harness information and relationships to deliver solutions. In return, NRG will provide the support, guidance, and opportunities to help our ideal candidate be successful. Responsibilities: - Improve internal cybersecurity use cases by implementing AI and conventional process automation - Support cybersecurity team members in adopting and leveraging AI, both through personal coaching and hands-on implementation assistance - Assist in defining, documenting, and implementing AI security standards, controls, and best practices - Conduct security reviews for AI systems and help internal product teams align AI implementations with enterprise security requirements - Develop and maintain dashboards to report key cybersecurity metrics and risk indicators - Automate processes for data collection, analysis, and visualization Qualifications - Hands-on experience with AI systems, including building or working with AI agents, LLM-based applications, and automation workflows - Experience working with APIs (REST, Graph-based, etc.) including integration, automation, and security considerations - Experience working with structured and unstructured data (data pipelines, transformation, or analysis) - Experience creating reports, dashboards, or visualizations (e.g., Power BI, Tableau, or similar tools) - Foundational understanding of cybersecurity principles, including application security, identity, and data protection - Intermediate scripting or coding experience (e.g., Python, JavaScript, PowerShell) - Familiarity with common AI and cybersecurity frameworks and standards (e.g., NIST CSF, OWASP) - Understanding of modern software development and system architecture concepts - Experience evaluating the security of generative AI systems - Experience with cloud platforms (Azure, AWS, GCP) and their security models - Familiarity with data security concepts such as data classification, encryption, and access controls Requirements - Build and maintain effective and collaborative working relationships - High level of self-awareness and social skills - Excellent customer service skills - Take initiative and set high personal performance standards - Ability to see the big picture and ensure actions and solutions solve the real problem - Ability to understand and articulate tradeoffs between security and business outcomes - Ability to communicate complex technical concepts clearly to less-technical stakeholders - Curiosity and adaptability in a rapidly evolving technology landscape - Strong analytical and problem-solving skills - Ability to prioritize and focus on high-impact work Minimum Qualifications - Bachelor’s Degree in Cybersecurity or Computer Science or equivalent work experience - 2+ years of experience in software engineering, data engineering, or a related technical field Working Conditions - Open office environment - This role is eligible for in-office work at our Lehi, UT, Princeton, NJ, or Houston, TX locations, or fully remote for qualified candidates in other locations