Supplier Cyber Risk Specialist

McKinsey & Company

Philadelphia, PA, USA · Washington, DC, USA
Posted on Thursday, December 21, 2023
The McKinsey recruiting team will be celebrating the holidays, and no online application support will be available starting December 22nd; regular support will resume by January 8th. Please refer to https://www.mckinsey.com/careers/application-faq for frequently asked questions. Thank you, and we wish you happy holidays!

Who You'll Work With

You will join one of our offices in Atlanta, Denver, Miramar, Philadelphia, or Washington DC and be part of the Supplier Risk team within Optimize, McKinsey’s global procurement function that enhances and protects the firm’s resources and reputation by making responsible buying easy and creating leading solutions and experiences across our supplier ecosystem.
The Supplier Risk team leads and oversees the firm’s global supplier risk management program. You will report to the Supplier Cyber Risk Manager and work cross-functionally with key stakeholders including Cybersecurity, Risk, Compliance, and IT as you support, shape and deliver on the firm’s supplier cybersecurity risk initiatives and strategies.

What You'll Do

You will support the analysis and classification of, and response to, supplier cybersecurity risks in the firm’s supplier onboarding process and across its supply base. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle by aligning the processes and controls to the relevant frameworks and to regulatory and legal compliance requirements. You will also work closely with the Supplier Cyber Risk Manager and collaborate with the One Firm Cybersecurity (OFCS) team to streamline and seamlessly integrate cyber assessments into our supplier onboarding process.
You will help assess and analyze supplier data and cybersecurity risks across our procurement processes. You will track identified cyber risks and events and support reporting on security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will compile data and complete documentation related to supplier cyber risks, and ensure that issues that arise are captured, assessed, and mitigated.


  • Bachelor’s/university degree required
  • 3+ years of relevant experience in cybersecurity, information security or related field
  • Knowledge of third-party risk management and/or procurement processes
  • Knowledge of cybersecurity policies, standards, and best practices
  • Experience with information security testing methods, including vulnerability assessments and penetration testing
  • Technical expertise in common information security controls, guidelines, and standards (e.g., ISO 27001, OWASP, SOC 2, NIST)
  • Experience in change management concepts and procedures
  • Problem solving and analytical thinking
  • Experience in working with people to achieve common goals
  • Excellent communication skills and strong relationship building ability
  • Project management, organizational and time management skills
  • Experience in a professional services or consulting environment is a plus

FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.

Certain US states require McKinsey & Company to include a reasonable estimate of the salary range for this role. A reasonable estimate of the range for new joiners for this role in the United States is $124,500 - $171,200. Actual salaries may vary and may be above or below the range based on various factors, including, but not limited to, an individual's assigned office location, experience and expertise. Certain roles are also eligible for bonuses, subject to McKinsey’s discretion and based on factors such as individual and/or organizational performance.

Additionally, McKinsey offers a comprehensive benefits package, including medical, dental and vision coverage, telemedicine services, life, accident and disability insurance, parental leave and family planning benefits, caregiving resources, a generous retirement program, financial guidance, and paid time off.

FOR NON-U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer. For additional details regarding our global EEO policy and diversity initiatives, please visit our McKinsey Careers and Diversity & Inclusion sites.
