Who We Are
BCG pioneered strategy consulting more than 50 years ago, and we continue to innovate and redefine the industry. We offer multiple career paths for the world's best talent to have a real impact on business and society. As part of our team, you will benefit from the breadth and diversity of what we are doing today and where we are headed next. We count on your authenticity, exceptional work, and strong integrity. In return we are committed to supporting you in discovering the most fulfilling career journey possible-and unlocking your potential to advance the world. Our team called Global Services (GS) provides corporate support to business areas such as Finance, Legal, HR, Marketing and IT. This diverse team of experts, operators and specialists represent all levels from Partner to entry level staff, operating across the globe in multiple countries. Global Services is in short, the backbone of BCG.What You'll Do
The Data Protection Manager, AI (DPMAI) reviews and advises on compliance aspects and risks of technical solutions that process personal data and involve artificial intelligence, machine learning, or automated decision making (including, but not limited to GenAI-based solutions).
The DPMAI adds technical AI expertise as well as in-depth knowledge of applicable laws, regulations and guidance to BCG's Data Protection Office and collaborates closely with the DP Office members, Information Security Architects, case teams and functional teams. Activities include consultation, initial assessments, risk and compliance assessments of IT systems, both data protection and data transfer impact assessments, development and review of policies and risk mitigation measures.
The ideal candidate has a background in information security or information technology and data protection with work experience in a data protection team, preferable in a multinational professional services environment.
You're good atResponsibility for assessment of applications and services with AI components (Ensuring GDPR, CCPA and other data protection compliance requirements)
Identify privacy risks and translate to scalable, pragmatic controls for data collection, storage, access, usage, and deletion, in an AI context
Establishing and maintaining guidelines for technical teams and case teams that ensure compliance of technical and organizational data protection measures, including, but not limited to the use of personal data for training and application of AI, security-by-design, privacy-by-default, data minimization, anonymization or pseudonymization
Execution of Data Transfer Impact Assessments and Data Protection Impact Assessments
Audits of data protection controls (both technical and procedural)
What You'll Bring
The ideal candidate will have knowledge of data protection laws, regulations, and guidance (e.g., GDPR, DPA 2018, ePrivacy Regulation, CCPA, LGPD), and an IAPP or other certifications.
Solid understanding of neural networks and machine learning technologies, including concepts of bias, hallucination and drift
Existing knowledge of AI related regulations and guidance documents and the willingness and ability to keep this knowledge updated
Experience in carrying out data protection impact assessments
Demonstrable IS and IT skills, including software development skills (e.g. python. C# or C++)
Experience with Agile methodologies and product development frameworks
Work experience in a multinational organization
Ability to research and distil information to solve complex commercial data issues
Ability to handle information and business affairs with secrecy and confidentially as appropriate
Proven ability to complete tasks and to effectively manage multiple priorities under time pressure
Strong communication skills, both written and verbal; fluent in English
Excellent academic credentials
Role requires occasional (