You will be part of Mc Kinsey’s Risk Operations & Experience function, whose mission is to enable Mc Kinsey’s client impact and innovation, while managing risks to the firm, our clients, and our people. Risk Operations & Experience Risk is a globally integrated team within the firm’s wider network of functions, with team backgrounds including communications, consulting, and technology.Mc Kinsey has strengthened its governance and compliance processes as part of its ambition to lead our industry. Towards this aim, the Risk Operations & Experience team play an integrating role across the lifecycle of risk in the firm’s operations, including insider risk, technology risk, product and engagement associated risk operations.This role reports to the Manager, Technology Risk and will be based in China (Shanghai preferred).You will collaborate with multiple functional teams, e.g., Legal, SOC, Cybersecurity, T& D, to support multiple products and processes in the Greater China region.  A typical list of tasks includes but is not limited to:

• reviewing and finetuning the process, e.g., data sanitization, file sharing & access;
• reviewing and approving the data access related requests;
• working with SOC to create the use cases for alert detection;
• supporting alerts & incidents related to information security policy violations; review and investigate as needed;
• reviewing incidents & logs to assess the effectiveness of the data controls;
• working closely with Risk and Technology teams to improve and implement data governance controls;
• managing stakeholders, establishing trusted, advisory relationships with leadership team in each office and leading/facilitating data risk decisions within the region.

You will liaise with firm Legal and Risk teams to enable changes to policies and operating procedures.You will build appropriate processes to enable consultants to work effectively while upholding data management best practices as dictated by local laws and regulations.Your primary responsibilities will also include input into wider firm operating model considerations (e.g., engagement staffing, finance reporting, risk governance).

• Fluent in conducting business in Mandarin and English
• 7+ years of experience in IT technology risk discovery, analysis, and remediation, with the focus in the cyber and data domain
• Worked for one or more MNC, with at least 3 years in mainland China and experience in bridging communication across regions
• Good understanding of China Data & Cybersecurity regulations, e.g., CSL, DSL and PIPL
• Excellent judgment and problem-solving skills, exceptional integrity, and distinctive interpersonal and collaborative skills
• Strong capability in dealing with ambiguity, identifying options, experimenting with path forward
• Highly collaborative, able to work with diverse teams in different functions and regions
• Outstanding communication skills, including clear and concise writing, editorial, and briefing skills
• Ability to work across all levels of seniority, cultivating trust-based, peer-counselor relationships and quickly establishing credibility
• Ability to work on complex, sensitive, time-critical issues and quickly get up to speed on new topics across industries and risk areas
• Strong technology experience and exposure to data governance
• Experience with Data Leakage Prevention solutions (nice to have)