What You'll Do The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security ...
What You'll Do The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security ...
What You'll Do The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security ...
What You'll Do The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
Background in software engineering, product security, incident response, or technology and cyber audit * Understanding of AI and machine learning models and their integration within software ...
IT Security Auditor
Indianapolis, IN · Hybrid
$114K - $185K/yr
Associate degree in Computer Science or Information technology with 7+ years of Cyber Audit experience, OR * Bachelor's degree in Computer Science or Information technology with 5+ years of Cyber ...
IT Security Auditor
Indianapolis, IN · Hybrid
$114K - $185K/yr
Associate degree in Computer Science or Information technology with 7+ years of Cyber Audit experience, OR * Bachelor's degree in Computer Science or Information technology with 5+ years of Cyber ...
IT Security Auditor
Indianapolis, IN · On-site
$114K - $185K/yr
Associate degree in Computer Science or Information technology with 7+ years of Cyber Audit experience, OR * Bachelor's degree in Computer Science or Information technology with 5+ years of Cyber ...
IT Security Auditor
Indianapolis, IN · On-site
$114K - $185K/yr
Associate degree in Computer Science or Information technology with 7+ years of Cyber Audit experience, OR * Bachelor's degree in Computer Science or Information technology with 5+ years of Cyber ...
Sr. Manager, Tech & Cyber Risk
Mclean, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Sr. Manager, Tech & Cyber Risk
Mclean, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Senior Auditor, Internal Audit - Cyber & Technology
Washington, DC · On-site
$95K - $118K/yr
Senior Auditor, Internal Audit - Cyber & Technology Location: Washington, DC Line of Business: Finance Job Function: Investor Services Date: Thursday, May 14, 2026 Position Summary Position Summary ...
Senior Auditor, Internal Audit - Cyber & Technology
Washington, DC · On-site
$95K - $118K/yr
Senior Auditor, Internal Audit - Cyber & Technology Location: Washington, DC Line of Business: Finance Job Function: Investor Services Date: Thursday, May 14, 2026 Position Summary Position Summary ...
Sr. Manager, Tech & Cyber Risk
Mclean, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Sr. Manager, Tech & Cyber Risk
Mclean, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
The role will begin with supporting a cyber audit remediation process that is aligning the company with ISO 27001. Primary Functions/responsibilities: * Support and advise on contracts and engagement ...
The role will begin with supporting a cyber audit remediation process that is aligning the company with ISO 27001. Primary Functions/responsibilities: * Support and advise on contracts and engagement ...
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Sr. Manager, Cyber Risk & Analysis | Retail Bank Premium Products & Experiences
Richmond, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Sr. Manager, Cyber Risk & Analysis | Retail Bank Premium Products & Experiences
Richmond, VA · On-site
Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls, fostering strong communication across all levels to influence risk identification and mitigation strategies.
Senior Manager Cyber and Technology Internal Audit
Las Vegas, NV · On-site
$86K - $118K/yr
The Senior Manager, Cyber and Technology Internal Audit will report to the Director, Internal Audit and will be responsible for the management of the Cyber and Technology audit plan, including ...
Senior Manager Cyber and Technology Internal Audit
Las Vegas, NV · On-site
$86K - $118K/yr
The Senior Manager, Cyber and Technology Internal Audit will report to the Director, Internal Audit and will be responsible for the management of the Cyber and Technology audit plan, including ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Mclean, VA · On-site
$81K - $100K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Mclean, VA · On-site
$81K - $100K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
New York, NY · On-site
$88K - $108K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
New York, NY · On-site
$88K - $108K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Mclean, VA · On-site
$81K - $100K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Mclean, VA · On-site
$81K - $100K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Plano, TX · On-site
$77K - $95K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Senior Associate - Cyber Risk & Analysis, Technology Audit
Plano, TX · On-site
$77K - $95K/yr
Senior Associate - Cyber Risk & Analysis, Technology Audit Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization ...
Cyber Audit information
See salary details
$57K - $68.7K
1% of jobs
$68.7K - $80.5K
4% of jobs
$80.5K - $92.2K
5% of jobs
$92.2K - $103.9K
9% of jobs
$110.4K is the 25th percentile. Wages below this are outliers.
$103.9K - $115.6K
11% of jobs
$115.6K - $127.4K
10% of jobs
The median wage is $131.9K / yr.
$127.4K - $139.1K
28% of jobs
$145.9K is the 75th percentile. Wages above this are outliers.
$139.1K - $150.8K
14% of jobs
$150.8K - $162.5K
11% of jobs
$162.5K - $174.3K
4% of jobs
$174.3K - $186K
4% of jobs
$57K
$133K
$186K
How much do cyber audit jobs pay per year?
What is the difference between Cyber Audit vs Cyber Security Analyst?
| Aspect | Cyber Audit | Cyber Security Analyst |
|---|---|---|
| Certifications | ISO 27001 Lead Auditor, CISA | CompTIA Security+, CISSP |
| Work Environment | Audit firms, consulting companies, internal audit departments | Security operations centers, IT departments, corporate security teams |
| Employer & Industry Usage | Financial, healthcare, government sectors | All industries with IT infrastructure |
| Primary Focus | Assessing compliance, evaluating controls, auditing security policies | Monitoring security threats, implementing security measures, incident response |
While both roles focus on cybersecurity, Cyber Audit primarily involves evaluating an organization's security controls and compliance through audits. Cyber Security Analysts actively monitor and respond to security threats. Understanding these differences helps organizations assign the right responsibilities and professionals for their cybersecurity needs.

Full-time
Medical, Dental, Vision, Retirement, PTO
Posted 19 days ago
Boston Consulting Group rating
9.4
Based on 9 frontline employees who took The Breakroom Quiz
2nd of 58 rated business consultants
Job description
Who We Are
Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.
To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures-and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.
What You'll Do
The Director, Cyber Audit & Assurance is a senior leadership role within BCG's Information Security Risk Management organization. Reporting to the Senior Director, Information Security Risk Management, this individual is responsible for leading BCG's global cybersecurity audit, certification, and compliance programs.
The role owns the strategy, governance, and execution of the firm's security certification portfolio, including HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and other regional, industry-specific, and regulatory requirements. Working across Information Security, Technology, Legal, Privacy, Risk Management, and business stakeholders, the Director ensures that security controls remain effective, certifications are maintained, and the organization is prepared to meet evolving regulatory, client, and market requirements.
Given the firm's significant U.S. regulatory, healthcare, and client-driven certification obligations, this role requires deep expertise in U.S. cybersecurity compliance frameworks and regular engagement with U.S.-based auditors, legal stakeholders, and business leaders.
This leader provides oversight of external audits, certification activities, and regulatory assessments while driving continuous improvement across BCG's cybersecurity control environment.
Key Responsibilities
- Own and lead BCG's global cyber audit, certification, and compliance portfolio.
- Serve as executive owner for HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials Basic & Plus, TISAX, ENS, and other regional, industry-specific, and regulatory certification programs.
- Define and execute the firm's multi-year cyber audit and certification strategy.
- Lead certification audits, surveillance reviews, recertification activities, and external assessments globally.
- Establish sustainable evidence management, control governance, audit readiness, and continuous compliance processes.
- Manage relationships with external auditors, certification bodies, assessors, regulators, and client audit teams.
- Drive remediation planning and closure of audit findings across global stakeholders.
- Advise business leaders on certification and regulatory requirements supporting market expansion and client commitments.
- Lead or support activities related to emerging U.S. regulatory, government, and industry certification requirements.
- Monitor emerging regulatory, assurance, and AI governance requirements and assess impacts to the firm.
- Lead local and regional certification initiatives required by clients, regulators, and market-specific obligations.
- Develop executive reporting, KPIs, and governance materials for senior leadership and risk committees.
- Present certification, compliance, and regulatory risk matters to executive leadership and governance forums.
- Build, mentor, and lead a high-performing cyber audit and assurance team.
What You'll Bring
- Bachelor's degree in Information Security, Cybersecurity, Information Systems, Risk Management, Business, or related field.
- 12+ years of experience in cybersecurity, information security, audit, risk management, compliance, or assurance functions.
- 5+ years of leadership experience managing enterprise-scale assurance, audit, or compliance programs.
- Demonstrated ownership of complex global certification and assurance programs.
- Deep expertise with HITRUST, SOC 2, ISO 27001, ISO 27017, ISO 42001, Cyber Essentials, TISAX, ENS, and related frameworks.
- Deep expertise in HIPAA, HITRUST, U.S. healthcare security requirements, and U.S. regulatory compliance frameworks.
- Strong working knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53, and NIST 800-171.
- Experience supporting U.S. government, defense, healthcare, or other highly regulated industry compliance programs.
- Experience leading external audits, certification programs, and regulatory examinations.
- Experience presenting certification, compliance, and regulatory risk matters to executive leadership and governance committees.
- Proven ability to influence senior executives and drive outcomes across a highly matrixed global organization.
Preferred Qualifications
- Experience within consulting, professional services, healthcare technology, SaaS, cloud, or other highly regulated industries.
- Familiarity with U.S. government and regulated-industry certification programs, such as CMMC, FedRAMP, StateRAMP, or equivalent assurance requirements.
- Familiarity with AI governance, AI assurance, and emerging regulatory frameworks.
- Professional certifications such as CISSP, CISA, CISM, CRISC, HITRUST CCSFP, ISO 27001 Lead Auditor, or equivalent.
The successful candidate is a strategic, business-oriented cybersecurity leader who combines deep audit, certification, and complianceexpertisewithstrongexecutive presence. Theyare capable of translatingcomplex regulatory and certification requirements into practical business outcomes, influencing stakeholders at all levels, and leading global programs that directly support client trust and business growth.
This role requires exceptional communication, collaboration, and leadership skills, as well as the ability tooperateeffectively in a fast-paced, global, and highly matrixed environment.
Additional info
*** For US locations only ***
In the US, we have a compensation transparency approach.
Total compensation for this role includes base salary, annual discretionary performance bonus, retirement contribution, and a market leading benefits package described below.
The base salary range for this role in Atlanta is $176,000.00 -$214,700.00.
This is an estimated range, however, specific base salaries within the range depend on various factors such as experience and skill set. It is not common for new BCG employees to be hired at the high-end of the salary range. BCG regularly reviews its ranges to ensure market competitiveness.
In addition to your base salary, your total compensation will include a bonus of up to 30% and a generous retirement contribution that starts at 5% and moves to 10% after 2 years.
All of our plans provide best in class coverage:
Zero dollar ($0) health insurance premiums for BCG employees, spouses, and children
Low $10 (USD) copays for trips to the doctor, urgent care visits and prescriptions for generic drugs
Dental coverage, including up to $5,000 in orthodontia benefits
Vision insurance with coverage for both glasses and contact lenses annually
Reimbursement for gym memberships and other fitness activities
Fully vested Profit Sharing Retirement Fund contributions made annually, whether you contribute or not, plus the option for employees to make personal contributions to a 401(k) plan
Paid Parental Leave and other family benefits such as elective egg freezing, surrogacy, and adoption reimbursement
Generous paid time off including 12 holidays per year, an annual office closure between Christmas and New Years, and 15 vacation days per year (earned at 1.25 days per month)
Paid sick time on an as needed basis
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.
What Boston Consulting Group employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About Boston Consulting Group
Sourced by ZipRecruiter
Industry
Business management consulting
Company size
10,000+ Employees
Headquarters location
Boston, MA, US
Year founded
1963