Regional Information Security Officer

The Regional Information Security Officer (RISO) is responsible for assisting their local team and aligning with the Corporate Security function to enhance the security posture of their Practice Area/Network's business and services. They will focus on implementing and ensuring compliance with information security policies, standards, and procedures, as well as identifying and mitigating information security risks. The RISO will collaborate with various support departments and participate in the management of security platforms and testing efforts. Additionally, they will contribute to the development of security awareness training, business continuity plans, and incident response activities.

• Build and maintain global relationships with Practice Area/Network business units and stakeholders to support local security activities with focus on continuous improvement and program maturation.
• Work with BISO and Corporate Security to deliver administrative and technical controls, in line with organizational policies, standards, contracts, and/or regulatory obligations.
• Support strategic and tactical alignment of corporate technology to overall security to business objectives for all divisions within region.
• Assist in responding to client requirements such as RFP/RFI, audits, security questionnaires, contract negotiation and client meetings as relates to security where appropriate.
• Collaborate with the Practice Area/Network IT departments to identify and address internal/external security risks management and governance issues, developing treatment plans to address risk or reduce the risk to an acceptable level while aligning with the Corporate Risk Management Framework and practices.
• Participate in implementation and management of Practice Area/Network and Corporate platforms, e.g. endpoint protection, encryption, SIEM, CASB, perimeter controls.
• Assist with regular testing and applicable remediation efforts of critical infrastructure, high-risk applications, and processes.
• Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with Practice Area/Network specific content, facilitating cyber security awareness activities and security awareness concepts locally to be suitable for the business.
• Participate in the coordination and documentation of Business Continuity Plans and appropriate exercising across their assigned Practice Area/Network.
• Assist with Practice Area/Network and CSIRT responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
• Provides additional leadership in support of the CIO’s strategic initiatives through dotted line reporting to the Regional CIOs.
• Partner with Practice Area/Network technical operations staff for reporting on information program posture and compliance within all markets within the region.
• Maintain up to date knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies.

• Minimum 4 years of experience in IT, Information Security, IT Audit or related area
• Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., ISO27001, PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, CobiT)
• Industry recognized certifications (CISA, CISSP, CISM) preferred
• Bachelor's degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field or related experience preferred
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
• Ability to cultivate relationships and act as a consultancy to varied stakeholders including cross-functional/peer relationships with diverse, global teams
• Proven track record of managing security in operations programs, strategic services, and projects to minimize risk exposure to the business
• Possess a technical skill relevant to Information Security
• Strong problem-solving and analytical skills
• Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Experience in project management and corporate security environment for a global company in such areas as policy

• Competitive salary
• Comprehensive benefits plan
• Health/vision/dental insurance
• 401(k)
• Stock options
• Healthcare & Dependent Flexible Spending Accounts
• Vacation, sick, and personal days
• Positive activism days
• Paid parental leave
• Disability benefits