Logo
McKinsey & Company

Manager, Technology and Data Risk

McKinsey & Company, Boston, Massachusetts, us, 02298


Risk & Compliance Manager, Technology and Data Risk Job ID: 93886

Do you want to do work that matters, alongside supportive leaders who will help you grow faster than you ever thought possible? Are you a creative problem-solver who is energized by challenges?

You've come to the right place.

Who You'll Work With You'll work as part of our Technology and Data Risk team reporting to the Director, Technology and Data Risk. You will work closely with senior leadership across Legal, Technology, Cybersecurity, Ethics and Compliance, and other firm functions to identify, assess, and manage risks across the firm.

You will preferably be based in our Dallas, Chicago, or Boston office. However, we will also consider our Tampa, Phoenix, Atlanta, New York, New Jersey, Washington, and Toronto locations.

Your impact within our firm As a Technology and Data Risk Manager, you will play a critical role in safeguarding the firm by ensuring risks are identified, evaluated, and managed effectively. You will lead the implementation of a robust risk management framework that aligns with the firm's strategic priorities and operational needs.

As a critical member of the technology and data risk team, you will strengthen its role as a second line of defense function by serving as a trusted advisor to legal, technology, cybersecurity, ethics and compliance, and other functions across the firm. You will act as a reliable thought partner, offering actionable guidance and fostering a collaborative approach to addressing risk-related challenges. Your advisory contributions will enhance the firm's risk posture.

You will lead firm-wide and entity-level risk assessments to ensure risks are effectively identified, evaluated, and addressed across the firm. You will design and implement tailored assessment approaches aligned with the firm's strategic objectives and regulatory requirements. Collaborating with senior leaders through interviews and workshops, you will uncover critical risks, assess their impact, and prioritize them for immediate action.

Your leadership will provide a holistic view of the firm's risk landscape, empowering informed, proactive decisions that enhance resilience and support long-term success. You will also perform due diligence prior to deal closures, identifying potential risks associated with acquisitions or partnerships.

You will oversee the maintenance of the firm-wide risk register at a strategic level, ensuring that risks are comprehensively documented, consistently monitored, and effectively managed throughout their lifecycle. As a key leader, you will ensure the risk register serves as a centralized and transparent repository, providing senior leadership and the board with a holistic view of the firm's risk landscape.

Your efforts will enable informed, proactive, and strategic decision-making, aligning risk management practices with the firm's long-term objectives and regulatory obligations.

You will collaborate closely with technology and cybersecurity teams to design and implement foundational elements and data structures that support seamless, automated, and end-to-end risk management. Your leadership will ensure that the firm-wide governance, risk, and compliance (GRC) platform is strategically designed and optimally configured to streamline critical processes, including risk assessments, issue resolution, and exception management.

By integrating these processes into a cohesive framework, you will enable a unified, efficient, and transparent approach to managing risks across the firm, enhancing operational resilience and strategic decision-making.

You will develop comprehensive risk reports that provide actionable insights for senior leadership and other key stakeholders. These reports will offer a clear, data-driven understanding of the firm's risk landscape, enabling informed decision-making and strategic prioritization.

In addition, these reports will serve as essential tools for meeting external requirements, such as ISO certification, and will be leveraged by other teams to align their initiatives with the firm's overall risk management strategy. Your ability to distill complex risk information into concise, impactful insights will ensure that leadership remains equipped to address challenges proactively.

You will lead the firm's issues management program, ensuring issues are effectively tracked and resolved throughout their lifecycle. Acting as the primary point of escalation, you will address critical challenges such as timeline delays or unresolved risks, ensuring leadership is equipped with the information needed to act decisively.

You will also provide strategic oversight of the quarterly issues report, ensuring it delivers a comprehensive and accurate view of issue statuses, trends, and progress before dissemination to stakeholders. Through your leadership, you will foster accountability, strengthen cross-team collaboration, and continuously refine the firm's risk management framework to align with its strategic objectives and drive organizational resilience.

Your qualifications and skills

Bachelor's degree in computer science, business, or related field; advanced degree or certifications (e.g., CRISC, CISA, CISSP) preferred

6+ years of relevant experience in managing complex risk and/or IT programs

Proven ability to manage risks throughout their lifecycle, from identification to mitigation and monitoring; demonstrated expertise in conducting due diligence for acquisitions and integrating findings into broader risk frameworks

Proven track record and expertise in developing risk management and information security policies and procedures, successfully executing programs that meet the objectives of excellence in a dynamic environment, as well as experience working with relevant (incl. senior) stakeholders

Strong critical reasoning and integrative problem-solving skills with the ability to absorb new information rapidly and grapple with a wide range of complex issues; ability to influence stakeholders across all levels of seniority by cultivating trust-based relationships

Familiarity with technology delivery and digital product management, ideally across vendor-provided technology and internally developed assets

Familiarity with prominent and emerging cyber, AI, data, and other technology risk topics

Strong ability to structure and synthesize learnings and feedback into clear, effective written documents, mainly leadership updates

Passion for people development and experienced people leader; carries a demonstrated track record of enabling a collaborative, respectful, and inclusive environment for all colleagues

Please review the additional requirements regarding essential job functions of McKinsey colleagues.

#J-18808-Ljbffr