Jr. BISO

Our client is seeking a Business Information Security Officer (BISO) to be the Global Information Security (GIS) risk leader responsible for communicating and managing IT/IS risk within a NIST CSF-based governance structure. The BISO is the Information Security primary point of contact for the assigned business unit teams (Marketing, eCommerce, Data Analytics, AI/ML), driving the creation and supporting the implementation of the security program. As a trusted cybersecurity partner, the BISO will collect business requirements and provide advice and oversight to ensure that Information Security policy is complied with for processes and systems.

Required Experience: 5+ years

Job Locations: Miami, FL

Location Restrictions: Onsite

Basic Qualifications and

Combining business acumen with technical acumen, the BISO assists in improving the information security posture with respect to delivering services and partnering with IT and business leadership. The BISO will understand key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will communicate business compliance with Information Security Policy and Standards by continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve its objectives without compromising RCG's security posture.

The successful candidate for this position will champion the risk management methodology and cultivate a team of GIS subject matter experts within the brand(s) and supported business verticals. Additionally, the BISO will opine on the risk organization and collaborate with a team of risk managers that informs management of application and third-party risk enterprise-wide. This position requires superior communication, networking, leadership and technical risk management skills. RCG is regulated globally, so the candidate should have solid experience working with a variety of country-specific privacy laws.

 

Essential Duties And Responsibilities

• Act as the primary security contact, collaborating with business leaders to balance risk and reward to improve security in applications and third-party engagements, and developing a deep understanding of business processes, systems, technologies, data, stakeholders and third-party partners.

• Partner with Compliance, Legal, and digital product team resources to build effective working relationships that further the effectiveness of the Information Security Program.

• Support goals for the team of GIS risk managers who manage the information security system and third-party risk program, working alongside business leadership to control cybersecurity risk for the organization.

• Identify and report on metrics related to the risk program and policy, communicating risk/reward scenarios to synchronize with RCG's corporate governance framework.

• Advocate for required change and continuously manage the policy and standards exceptions program. Lead discussions and answer complex cross-functional policy and standards questions, forecasting best practice in policy.

• Contribute to and align risk programs with the NIST CSF-based information security program.

• Communicate, oversee and carry out technical implementation of security solutions required to meet business objectives.

Financial Responsibilities

• Ensures individual expenses are within corporate guidelines.

Qualifications

• Bachelor's degree in Information Technology/Security or Computer Science is preferred; non-technical degrees with Computer Science fundamentals will be considered when combined with technology experience.

• At least one Information Security certification such as CISSP, CRISC, GIAC, CISM, etc. is required.

• 3-5 years of Information Security, Information Technology, Risk, Audit and/or a combination of such experience.

• 1-3 years of managing projects and/or teams.

• 3-5 years of security development or operations experience.

• Executive-level written and verbal communication skills required.

• Experience working in a matrix model, as the BISO supports operational and transformation efforts for all brands and business units across RCG.

Knowledge And Skills

• Strong relationship, team building and facilitation skills.

• Strong application development and/or application security background, with solid knowledge of the SDLC from design, testing and deployment to post-production, and of the different risk elements associated with each step.

• Expert with the Microsoft Office suite of applications, with the ability to rationalize raw technology metrics into meaningful executive-level reports.

• Expert at creating purposeful metrics, KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams.

• Expert knowledge of information security frameworks such as NIST, ISO, FISMA, etc.

• Expert knowledge of risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, and/or NIST SP 800-30 or 800-37.

• Knowledge of global privacy laws, regulations, and guidelines.

• Ability to articulate the information security risk program to employees and third parties at all levels within and outside the organization.

 
