Business Information Security Officer

About The Position

Requirements

• Aptitude for understanding internal organizational environments and their relationship to the external business environment.
• Understanding of how business initiatives create value and risk for organizations.
• Able to effectively analyze risk within the context of business problems.
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes.
• Ability to translate technical risks into business terms for senior stakeholders and non-technical leaders.
• Experience partnering with IT, Cloud, and Business Units to embed security in strategic initiatives.
• Adept at understanding business focus and processes and ability to inject cybersecurity into those areas through teamwork and influence.
• Able to consistently, effectively defend ideas and solutions.
• Strong problem-solving and trouble-shooting skills.
• Accessibility and ability to interface with and build credibility and relationships with all stakeholders.
• Is a confident, energetic self-starter, with strong communication skills.
• Good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
• Bachelor’s degree from an accredited college or university.
• Significant work experience may be substituted for the education requirement.
• Substantial demonstrated work experience (ideally a minimum of 5 to 8 years) in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
• Experience in working with and preferably leading a global, cross functional team.
• Must be a U.S Citizen or Legal Permanent Resident.
• Favorable credit check for all cleared positions
• Successfully passing a background investigation including drug screening.
• Must have mobility to attend meetings with other managers and employees.
• Must be able to write, type, and use a telephone system 100% of the time.
• Sitting for prolonged and extended periods of time.

Nice To Haves

• CISSP or CISM Certifications encouraged but not required.

Responsibilities

• Serving as the primary liaison between business units, cloud engineering, IT, and Cyber Security.
• Build relationships with division business units to deliver security by design controls incorporated into projects, architecture, infrastructure and applications.
• Act as a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks .
• Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function .
• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization .
• Participate in cybersecurity and business-related councils or working groups as necessary .
• Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture .
• Develop an understanding of business goals and reframe risk discussions in business terms.
• Constructively engage business partners regarding cybersecurity issues.
• Establish risk ownership and accountability within the business line.
• Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions.
• Reshape business partners’ preconceived notions of success where appropriate.
• Complete and deliver all assignments and work products in a timely manner.