Explore Career Opportunities with GSV’s world-class partners


Senior Information Security Manager

McKinsey & Company

McKinsey & Company

Shanghai, China
Posted on Wednesday, January 17, 2024
Technology & Digital

Senior Information Security Manager

Who You'll Work With

You will be a part of a global Cybersecurity team and work out of our Shanghai office.
In this role, you will work with IT products teams to embed security standards and requirements. You’ll collaborate with global cybersecurity teams to develop fit for purpose solutions.
You’ll align with the legal teams on cyber compliance requirements, and client servicing teams to advise security best practice and firm standards.

What You'll Do

You will lead a group of local security experts and be responsible for providing guidance and to make security decisions to protect and enable a platform that supports our client service group.
You’ll be responsible for crafting the design, architecture, and engineering of security products/suite of products that improve the security posture of the enterprise and its customers adhering with cyber security standards and industry best practices. You’ll also provide vision, guidance and take ownership in implementing security technologies and processes across multiple functions in China.
You’ll lead the implementation of cyber security best practices and inspire stakeholders to adhere to them. You’ll exhibit distinct customer focus to drive awareness of security policies, standards, guidelines, and best practices across multiple groups. You’ll recommend new technologies to efficiently improve system reliability and security and review and recommend strategies to improve security to existing system designs.
You’ll demonstrate expertise in Agile way of working aligned with DevSecOps and act as a catalyst in building high-performing and self-organizing teams by fostering collaboration mindset amongst distributed and cross-functional teams. You’ll contribute to the development and growth of engineers in the community.


  • Bachelor’s is required and master’s degree preferred in IT/Computer Science, Cyber Security, or equivalent experience
  • 9+ years of relevant experience, including 2+ years of team leading experience
  • Expertise in multiple core security domains such as network security, API security, cloud security, Identity and Access management, and data security
  • Deep expertise with cloud security concepts and technologies of AWS, Azure, or Alicloud
  • Expertise with network security, including security engineering such as firewall policy management, network hardening such as IDS/IPS and network ports configuration, encrypting network traffic such as multi cloud traffic encryption and zero trust network access
  • Hands on experience in endpoint protection solution and controls design
  • Hands on experience in multiple SDLC security tools (SAST, DAST, Policy as Code, CSPM)
  • Experience in email security solution design and configuration would be a plus
  • Experience in data security, for example Data Loss Prevention solution would be a plus
  • Familiarity with regulatory compliance frameworks, such as MLPS, GDPR, HIPAA, or PCI-DSS
  • Work for one or more MMC, with at least 3 years in mainland China
  • Highly collaborative, able to work with diverse teams in different functions and regions
  • Excellent written and verbal communication skills with the ability to communicate security and risk-related concepts to both technical and non-technical audiences
  • Fluent in English and Mandarin
Apply Now

FOR U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.

FOR NON-U.S. APPLICANTS: McKinsey & Company is an Equal Opportunity employer. For additional details regarding our global EEO policy and diversity initiatives, please visit our McKinsey Careers and Diversity & Inclusion sites.

share this job

Job Skill Group - CSSA
Job Skill Code - SISR - Principal Security Engineer I
Function - Technology
Industry - High Tech
Post to LinkedIn - #LI-DNI
Posted to LinkedIn Date -
LinkedIn Posting City -
LinkedIn Posting State/Province -
LinkedIn Posting Country -
LinkedIn Job Title - Senior Information Security Manager
LinkedIn Function -
LinkedIn Industry -
LinkedIn Seniority Level -