Business Information Security Officer

Analog Devices, Wilmington, MA
$184,000 - $253,000

About The Position

About Analog Devices

Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and digital healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $9 billion in FY24 and approximately 24,000 people globally, ADI ensures today's innovators stay Ahead of What's Possible™. Learn more at www.analog.com and on LinkedIn and Twitter (X).

Business Information Security Officer

PRINCIPAL DUTIES AND RESPONSIBILITIES

Relationship Management: Strong consulting skills with an ability to communicate with multiple departments and levels of management to resolve technical and procedural security risks. Ability to clearly communicate and report detailed status to senior management and peers. Proactively engage various stakeholders in the business unit as appropriate to get their ‘buy in’ for security initiatives. Be successful at influencing changes without direct reporting line authority. Reporting status of progress through scorecards at various levels of the organization, including functional score cards, management score cards, and executive score cards.

Compliance and Risk Leadership: Demonstrated experience in identifying, assessing, and resolving product security risks and compliance measures. Operate as an intermediary for various Risk and Compliance programs (Responsible AI, Cybersecurity, Internal Audit, Business Continuity, Privacy, Product Security, Security Engineering) to ensure the applicable requirements have been tailored to the organization that the BISO aligns to. Establish agreement and lead RACI documentation efforts for process improvements related to security and compliance management. Help promote training, awareness and best practices within BU operations teams with regard to needed processes and procedures to maintain a secure operating model. Strong project management skills with experience defining objectives, identifying resource needs, and ability to execute detailed plans towards goal completion.

Business Process Analysis: Ability to identify information security risks, or research and quantify risks reported by others, within de-centralized processes and then articulate and drive proper treatment of risk, including logging and managing exceptions on-going, with relevant stakeholders. Ability to frame business process improvement in the context of a departmental or enterprise-wide view.

Sales Support: Review end customer contracts and provide support for deal closure within the context of what security requirements and liabilities are needed. Manage customer audits and RFP responses for BU.

Management: Influence without authority, collaborate to drive a common compliance methodology and risk management methodology to support consistencies across de-centralized teams. Required to act as a team lead to support success of key compliance initiatives, taking the lead role, and assigning/delegating tasks across distributed teams, keeping track of cross-functional milestones and deliverables, and driving timely completion in support for the business objectives to operate in a compliant manner. Mentoring for non-security personnel across the business.

Compliance Frameworks: Individual should have a thorough understanding of cyber security best practices. Experience with applying cyber security governance frameworks into a business process including ISO 27002, COBIT, or COSO. Experience with various compliance, privacy, and regulatory standards including Sarbanes-Oxley, SSAE 16, PCI-DSS, ISO 27001, HIPAA, TiSAX, CMMC, and Responsible AI frameworks and state and international privacy laws. Experience administering and/or auditing various information security technologies/areas including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, and change management.

Other duties as required.

Requirements

  • Exceptional verbal, written and presentation skills are required.
  • Ability to manage relationships with senior executives.
  • Ability to create business / project plans across business units.
  • Understanding of technical concepts within security risk and compliance.
  • Understanding of business concepts and business process improvement.
  • Self-starter with the demonstrated ability to drive engagement and cooperation across de-centralized teams.
  • A sense of urgency.
  • Ability to prioritize.
  • Ability to handle multiple simultaneous projects.
  • Ability to articulate technical topics to non-technical personnel.
  • A Bachelor's degree in Business, CIS, MIS or related discipline is required.
  • The successful candidate should have 10+ years' experience in cyber security or technology audit.

Nice To Haves

  • Professional designations are preferred including: CISSP, CISM, CISA, QSA, & CRISC.
  • A Master's degree is desirable.
  • A background in consulting or public accounting at a top tier firm is desirable.
  • Experience managing Cyber Security and compliance programs across large organizations / business units is desired.

Responsibilities

  • Strong consulting skills with an ability to communicate with multiple departments and levels of management to resolve technical and procedural security risks.
  • Ability to clearly communicate and report detailed status to senior management and peers.
  • Proactively engage various stakeholders in the business unit as appropriate to get their ‘buy in’ for security initiatives.
  • Be successful at influencing changes without direct reporting line authority.
  • Reporting status of progress through scorecards at various levels of the organization, including functional score cards, management score cards, and executive score cards.
  • Demonstrated experience in identifying, assessing, and resolving product security risks and compliance measures.
  • Operate as an intermediary for various Risk and Compliance programs (Responsible AI, Cybersecurity, Internal Audit, Business Continuity, Privacy, Product Security, Security Engineering) to ensure the applicable requirements have been tailored to the organization that the BISO aligns to.
  • Establish agreement and lead RACI documentation efforts for process improvements related to security and compliance management.
  • Help promote training, awareness and best practices within BU operations teams with regard to needed processes and procedures to maintain a secure operating model.
  • Strong project management skills with experience defining objectives, identifying resource needs, and ability to execute detailed plans towards goal completion.
  • Ability to identify information security risks, or research and quantify risks reported by others, within de-centralized processes and then articulate and drive proper treatment of risk, including logging and managing exceptions on-going, with relevant stakeholders.
  • Ability to frame business process improvement in the context of a departmental or enterprise-wide view.
  • Review end customer contracts and provide support for deal closure within the context of what security requirements and liabilities are needed.
  • Manage customer audits and RFP responses for BU Management
  • Influence without authority, collaborate to drive a common compliance methodology and risk management methodology to support consistencies across de-centralized teams.
  • Required to act as a team lead to support success of key compliance initiatives, taking the lead role, and assigning/delegating tasks across distributed teams, keeping track of cross-functional milestones and deliverables, and driving timely completion in support for the business objectives to operate in a compliant manner.
  • Mentoring for non-security personnel across the business.
  • Individual should have a thorough understanding of cyber security best practices.
  • Experience with applying cyber security governance frameworks into a business process including ISO 27002, COBIT, or COSO.
  • Experience with various compliance, privacy, and regulatory standards including Sarbanes-Oxley, SSAE 16, PCI-DSS, ISO 27001, HIPAA, TiSAX, CMMC, and Responsible AI frameworks and state and international privacy laws.
  • Experience administering and/or auditing various information security technologies/areas including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, and change management.
  • Other duties as required.

Benefits

  • medical
  • vision
  • dental coverage
  • 401k
  • paid vacation
  • holidays
  • sick time
  • discretionary performance-based bonus