Business Info Security Officer

About The Position

Requirements

• Bachelor's degree in computer related field or equivalent experience plus at least 8 years of experience as an IT professional
• Strong understanding of business principles and business language, with the ability to tailor security messaging for clients, advisors, and executive audiences.
• Able to effectively communicate information security principles, strategy, and control effectiveness with all levels of employees, as well as present confidently to clients, advisors, and senior external stakeholders.
• Ability to align security strategy with business strategy and convert complex security concepts into concise, trust-building narratives and presentation materials for non-technical audiences.
• Understand multiple info security domains and have depth in a few of those domains (examples could include data protection, governance, cyber defense, application security, or others)
• Strong leadership & decision-making ability

Nice To Haves

• CISSP or CISM preferred
• Demonstrated executive presence, strong presentation skills, and experience representing security, risk, or compliance topics in client-facing or advisor-facing settings preferred.

Responsibilities

• Advise business area management and corporate information security on industry developments in information security, technology, security issues and legislation that impacts the SCBU, and translate those developments into clear, audience-appropriate messaging for clients and advisors.
• Develop and maintain working relationships with SCBU compliance, risk management, audit, privacy, fraud areas.
• Identify risks and issues and participate in risk assessments with corporate information security, bringing an information security lens to complex business unit initiatives.
• Review policies, standards and guidance and other key documents associated with our information security program and actively participate in information security governance as part of the Information Security Steering Group.
• Provide input on information security reporting and metrics, as well as to the business function, including project status, issues or funding issues, and synthesize this information into compelling presentations and talking points for client and advisor discussions.
• Represent on incident response processes which may include incident response planning and management of security incidents and events to protect IT assets.
• Responsible for oversight of business area compliance with information security policies and procedures, including but not limited to identity and access management, education and awareness, software security, patch management, data loss protection and overall business unit assessment of IT risk.
• Partner with business unit subsidiaries, joint ventures, partnerships, and other external relationships to communicate security expectations, explain our security program, and build confidence in secure communications and transactions with clients and advisors.
• Serve as a visible security spokesperson for the business by presenting our security strategy, control environment, and risk management approach to clients, advisors, and key external customers in a clear, credible, and business-relevant manner.

Benefits

• Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness.
• Pension Eligible
• Comprehensive, competitive benefit offerings crafted to protect their physical, financial, and social well-being.