Business Information Security Officer - Enterprise Data Organization

S&P Global
Raleigh, NC
372d
$152,600 - $285,000

About The Position

The Business Information Security Officer (BISO) role within the S&P Global Enterprise Data Organization (EDO) is a leadership position focused on establishing and driving security practices across the business unit. The BISO will serve as the primary point of contact for Cyber Security & Assurance, responsible for developing, communicating, and ensuring compliance with the divisional security strategy, policies, and governance aligned with the organization's overall security objectives. This role requires a proactive approach to managing data security risks and implementing best practices in information security management.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field (master's preferred).
  • CISSP (Certified Information Systems Security Professional) is a MUST (non-expired).
  • 8-10+ years of experience in security-focused roles, particularly in technology-heavy industries (e.g., Software, Financial Services).
  • Proven track record of securing cloud-based services, ensuring scalability, performance, and reliability.
  • Strong understanding of NIST security controls frameworks, risk assessment, and risk management.
  • Solid experience in security engineering, system and network security, authentication, cryptographic protocols, and application security.

Nice To Haves

  • OWASP Membership and CRISC (Certified in Risk and Information Systems Control) preferred.
  • Experience with PII (Personally Identifiable Information) and security compliance regulations.
  • Familiarity with service control frameworks such as SOC 1 and 2.
  • Experience with the use of AI in the enterprise and the risks around it.

Responsibilities

  • Design, implement, and maintain global security policies, standards, and procedures focused on protecting data across all environments.
  • Ensure the divisional security strategy aligns with broader organizational goals, particularly data privacy and protection regulations (e.g., GDPR, CCPA).
  • Own and manage all data-related security risks, performing risk assessments specific to data storage, processing, and transfer.
  • Identify, assess, and prioritize data security vulnerabilities, ensuring effective remediation plans are in place and executed.
  • Conduct periodic audits of data security controls to ensure compliance with internal policies and external regulations.
  • Ensure adherence to data protection laws and implement robust measures for data privacy, security, and retention.
  • Work closely with software development teams to ensure secure data handling throughout the software development lifecycle (SDLC).
  • Lead investigations into data security breaches, ensuring proper reporting and communication with senior management during incidents.
  • Develop and deliver targeted security training programs for employees, contractors, and third parties on best practices for data protection.
  • Coordinate with third-party security vendors to conduct vulnerability assessments, penetration tests, and security audits focused on data protection.

Benefits

  • Health care coverage designed for the mind and body.
  • Generous time off helps keep you energized for your time on.
  • Access a wealth of resources to grow your career and learn valuable new skills.
  • Secure your financial future through competitive pay, retirement planning, and financial wellness programs.
  • Family-friendly perks for partners and children.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

Education Level

Bachelor's degree

Number of Employees

10,001+ employees

© 2024 Teal Labs, Inc