Security Business Partner - Business Information Security Office

PNC•Quinte West, ON

4d•Onsite

About The Position

The Security Business Partner (SBP) serves as a strategic partner and relationship manager between Enterprise Information Security and Line of Business. This role ensures that information security requirements, risk considerations, and governance expectations are identified early and incorporated into business initiatives, technology solutions, and risk management activities for the Line of Business. PNC is an in-office company that fosters a supportive culture where employees can thrive and achieve balance. We encourage candidates to connect with their recruiter and hiring manager to understand workplace expectations and ensure the role aligns with their goals. PNC will not provide sponsorship for employment visas or participate in STEM OPT for this position. Serves as a partner and relationship manager with line of business(es) and staff areas to ensure integrated delivery of cyber, fraud and physical security services and a centralized escalation point. Serves as strategic partner and brings the right security resources together to provide security solutions. Supports business and staff areas in elevating their security posture in a risk-balanced manner and building trust in the brand. Supports business objectives while effectively managing risk. Leads relationship with a line of business, serving as the point of escalation to ensure successful outcomes and is responsible for the overall client experience with a technology organization, including, cyber, fraud and physical security risk, business demand management, technology expenditures, client feedback & relationship management. Analyzes opportunities to implement improvements and ensure the execution of solutions that are cost effective, meet business requirements and are consistent with technology capabilities, functionality and the proactive integration of security. Collaborates with internal T&I and business groups on process improvement projects designed to support product strategies and revenue generation/cost reduction. Gathers and analyzes complex client requirements, and the transformation of requirements into functional/non-functional requirements.

Requirements

CISSP, CRISC, or CISA certification
Experience in information security, technology risk, or related technology roles within large, complex enterprise environments.
Familiarity with enterprise security domains such as Identity Access Management, Data Protection, Cloud Security, and Risk Management
Knowledge of information security risk, control objectives, and governance processes.
Demonstrated ability to work effectively with business, technology, and risk stakeholders.
Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience.
Specific certifications are often required.
In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

Experience supporting regulated financial services or large institutional lines of business.
Working experience in one or more enterprise security domains such as Identity Access Management, Data Protection, Cloud Security, and Risk Management.
Access Control (AC)
Building Architecture
Customer Solutions
Cybersecurity Risk Assessment
Disaster Recovery Planning
Information Security
Network Security
Physical Security
Risk Assessments
Security Governance
Security Reviews
Security Technologies

Responsibilities

Serve as the security point of contact for Line of Business, Risk, and Technology teams to ensure integrated delivery of cybersecurity services.
Lead or assist in the relationship with a line of business to ensure successful outcomes and is responsible for the overall client experience within the Security organization, including cybersecurity risk, business demand management, client feedback & relationship management.
Coordinate security input for risk discussions, executive updates, and committee presentations.
Engage across the lifecycle of business and technology initiatives, including RFP activities, technology due diligence, and security approvals.
Promote adoption, accountability, and sustainability of security requirements and controls for Line of Business initiatives.
Ensure that security requirements and standards are identified and incorporated into Line of Business technology solutions and platforms.
Participate in key initiative and program meetings to provide ongoing security and risk input.
Support Line of Business risk assessments, security reviews, and governance activities for initiatives with material technology, data, or business impact.
Partner with Line of Business Risk organization to improve Security posture through the reduction of Policy Exceptions, open vulnerabilities, and implementation of automated identity access controls.
Translate information security requirements and risk considerations into relevant guidance to support informed decision making by Line of Business stakeholders.
Provide support for ad hoc or high priority security situations, including coordination of communications and remediation planning.

Benefits

medical/prescription drug coverage (with a Health Savings Account feature)
dental and vision options
employee and spouse/child life insurance
short and long-term disability protection
401(k) with PNC match
pension and stock purchase plans
dependent care reimbursement account
back-up child/elder care
adoption, surrogacy, and doula reimbursement
educational assistance, including select programs fully paid
a robust wellness program with financial incentives
maternity and/or parental leave
up to 11 paid holidays each year
9 occasional absence days each year, unless otherwise required by law
between 15 to 25 vacation days each year, depending on career level; and years of service