BISO - Business Information Security Officer

The Business Information Security Officer (BISO) is the Cyber Security & Assurance primary point of contact for the assigned region/business unit and supports the implementation of the Cyber Security program. The BISO is a security leader for their area of responsibility and works closely with the CISO. As a trusted advisor, the BISO will collect business requirements, and will provide advice and oversight to ensure that Information Security policy is complied with for processes and systems.

Required Experience:


+ Years
Job Locations:

Neenah, WI

Location Restrictions:


Basic Qualifications and

Combining business acumen with technical knowledge, the BISO assists in improving the information security posture with respect to delivering services and partnering with the regional/business unit leadership. The BISO will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve their objectives while not compromising the security posture.

  • Develop and maintain an in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, and partners
  • Act as the primary local security contact / adviser for the IT leadership and the IT Business Partners, IT Infrastructure, IT Architecture, HR, Finance, Legal and other local personnel
  • Partner with local Compliance, Legal, and IT resources to achieve effective working relationships that can further the effectiveness of the Security program
  • Implement the Information Security Policies and Standards across the assigned region / business unit
  • Communicate, oversee and carry out technical implementations of security solutions required to meet business objectives
  • Proactively identify non-compliance and areas of potential improvement, and facilitate development and deployment of standard solutions
  • Engage with clients and customers as needed to assist the business in achieving its objectives (representing our security program, supporting internal and external audits, assisting in customer communication of security incidents, etc.)
  • Participate in region/business unit related conferences, client-facing engagements, and industry forums to represent the Cyber Security program
  • Provide regular and timely reporting on the status of cyber security across the region/business unit
  • Provide escalation path for security issues, incidents and inquiries
  • Work with Security Incident Response and Crisis Management teams to assist in effectively driving incidents to acceptable resolution; assist with investigations as needed
  • Provide Cyber Security Guidance across functions and regions.
  • Drive remediation activities across the North America (NA) Region.
  • Collaborate with the Cyber Defense Operations and Cyber Security Engineering teams to develop a technical roadmap.
  • Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
  • Assist with the implementation and translation of information security policies.
  • Drive Service Level Management for Cyber Security and Assurance.

Required Skills and Experience
  • Bachelor's degree required, preferably in computer science or information systems
  • 7+ years of experience leading penetration testing, application testing, and red team engagements
  • 10+ years of Information Technology, with a background in Security and Compliance experience
  • Experience working in Agile or Waterfall methodology and a deep understanding of phased approaches to the Software Development Life Cycle
  • Ability to communicate clearly and effectively with both technology/development and business partners
  • Strong relationship, team building and facilitation skills
  • Ability to translate technical/security issues to business users
  • Ability to independently influence others to achieve objectives
  • Experience working in a matrix model, as the BISO supports operational and transformational efforts for a given region or organizational function
  • Service Level Management experience
  • Knowledge and experience of Information Security Risk and Security governance
