Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
This is an opportunity to shape the future of BCG’s global infrastructure security and build the architecture practice that delivers it. As the Infrastructure Security Architecture Lead, you will own the security architecture, standards, and Zero Trust direction for BCG’s core infrastructure across the identity, network, device, and data pillars, and you will line-manage and grow the team of architects aligned to each pillar. You will be accountable for the coherence, quality, and maturity of the architecture that protects the firm’s global infrastructure.
As part of Information Security Risk Management (ISRM), you will operate through a shared accountability model with Platform Engineering: your team provides architectural direction, governance, and design oversight through the solution lifecycle, while engineering retains ownership for delivery and operations. You will be the senior escalation point for architectural risk within the domain and will represent Infrastructure Security Architecture in enterprise governance. Success requires people leadership, architectural judgment across multiple infrastructure domains, and the ability to influence senior stakeholders in a matrixed global organization.
Key Responsibilities
Team Leadership and People Management
-
Line-manage, develop, and grow the architects aligned to the Secure Identity, Secure Network, Secure Device, and Secure Data pillars; set objectives, manage performance, and build the team out to full coverage.
-
Establish consistent ways of working and quality bars so the domain operates as a coherent function, and act as mentor and escalation point for complex design decisions.
-
Balance architectural capacity across pillars toward the highest-risk and highest-priority initiatives.
Domain Architecture and Strategy
-
Own the security architecture strategy, reference architectures, and target-state roadmap across the identity, network, device, and data pillars, advancing ZTMM maturity aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model.
-
Ensure architectural coherence across pillars, resolving cross-cutting dependencies (identity lifecycle propagation, certificate lifecycle, entitlement governance) rather than allowing point solutions to harden into enterprise patterns.
-
Set the direction for strategic target architectures per control family, socialized with Enterprise Architecture and traceable to enterprise strategic targets.
Standards and Governance
-
Lead the creation and maintenance of control-family standards in alignment with Security Governance, Risk, and Compliance (SGRC), socializing standards with configuration item (CI) owners for viability before enforcement and agreeing control disposition with SGRC and SAVE.
-
Own security architecture reviews and exception dispositions for the domain, ensuring decisions are consistent, defensible, and traceable to ISRM governance.
-
Represent Infrastructure Security Architecture in enterprise governance forums (Change Advisory Boards, Design Authorities) and advocate for risk-based prioritization across the Security Portfolio.
-
Maintain and leverage the team’s AI-assisted tooling for standards development and control-alignment review, with appropriate human oversight.
Engineering Partnership
-
Serve as the architecture counterpart to the infrastructure engineering squads: validate feasibility and effectiveness of controls through implementation without assuming delivery ownership, and hold engineering accountable for meeting SecArch requirements.
-
Reinforce the ISRM operating model: Security Architecture designs and governs; Security Operations owns monitoring, SIEM, and detection; assurance and audit sit with SAVE and SGRC. Specify the telemetry requirements needed for the domain’s services to be observable.
You’re Good At
-
Building and developing a high-performing architecture team, and growing a function from a small base into full coverage.
-
Building consensus while maintaining architectural integrity across complex, cross-domain technology initiatives.
-
Making defensible architectural decisions under ambiguity and time pressure, and making them stick.
-
Influencing senior stakeholders across engineering, Enterprise Architecture, and security leadership in a matrixed global organization.
-
Translating enterprise security strategy into practical standards and implementable engineering requirements.
What You'll Bring
-
Bachelor’s degree in a relevant field or equivalent practical experience.
-
10+ years in security architecture, security engineering, or infrastructure security, including demonstrated architecture responsibility across more than one infrastructure domain.
-
Prior people-management or team-lead experience, or clear readiness to take on line management of a technical team.
-
Experience operating in large, audit-sensitive, or regulated enterprise environments with formal governance and exception processes.
-
Strong understanding of Zero Trust architecture (NIST SP 800-207, CISA ZTMM), enterprise control frameworks, and hybrid cloud environments (Azure, AWS, GCP).
-
Breadth across at least two of the infrastructure pillars (identity, network, device, data), with the ability to lead architects who hold deeper specialization in each.
-
Command of the governance and lifecycle disciplines that cut across pillars: identity lifecycle management, certificate and key lifecycle, and entitlement governance.
-
Experience applying AI-assisted tools to security architecture work, with a clear understanding of LLM capabilities, limitations, and the need for human oversight.
Preferred Qualifications
-
Experience standing up or scaling a security architecture function or team.
-
Hands-on architecture background in one or more of: enterprise identity (Entra ID, Okta, PAM), network security (SSE, ZTNA, segmentation), endpoint/device security, or data protection.
-
Professional certifications such as CISSP, SABSA, TOGAF, or relevant cloud security certifications.
Who You'll Work With
You will lead the Infrastructure Security Architecture team within Information Security Risk Management (ISRM), managing the architects aligned to each infrastructure pillar and reporting to the Senior Director of Cybersecurity Architecture. You will own the security strategy, architectural standards, and governance that guide the design and evolution of BCG’s core infrastructure platforms across identity, network, device, and data.
You will collaborate closely with engineering, cloud, identity, infrastructure, and security teams across BCG’s global technology organization to ensure security controls are consistently designed, implemented, and governed across the infrastructure domain. You will partner with Enterprise Architecture, Security Operations, Risk Management, and architecture peers to strengthen Zero Trust capabilities, advance security maturity, and support enterprise-wide cybersecurity initiatives.
Working within a highly collaborative, matrixed environment, you will set technical direction, build alignment on architectural decisions, develop your team, and help the organization deliver secure, scalable solutions that balance business objectives, operational effectiveness, and risk management.
Additional info
Regular, Full-Time (local employment terms apply)
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.