The Business Information Security Officer (BISO) is the Cyber Security & Assurance primary point of contact for the assigned region/business unit and supports the implementation of the Cyber Security program. The BISO is a security leader for their area of responsibility and works closely with the CISO. As a trusted advisor, the BISO will collect business requirements and provide advice and oversight to ensure that processes and systems comply with Information Security policy.
Combining business acumen with technical knowledge, the BISO assists in improving the information security posture with respect to delivering services and partnering with the regional/business unit leadership. The BISO will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve its objectives without compromising the security posture.