Business Information Security Officer- Remote
Salary undisclosed
Role Summary
The BISO is a key Technology leadership role aligned with our business functions, acting as a conduit between cybersecurity service delivery and business technology. As the primary delegate for the business line Chief Information Security Officer, the BISO is responsible for maintaining a strategic relationship with the business function to ensure the ongoing continuity of cybersecurity across the evolving organization.
Strategically, you will be responsible for ensuring last-mile delivery of global Information Protection Shared Services, developing and measuring capabilities while leading risk management activities for a portion of our business.
Key Responsibilities
Understand the business unit and its strategy; continuously monitor threat trends and business change to anticipate and plan for the future impact of cyber risk on each business function.
Manage regulatory engagements, including information gathering and oversight of regulatory and compliance submissions, in conjunction with matrixed Information Protection Shared Service partners and governance stakeholders (legal, compliance and data privacy).
Leverage the Enterprise Risk Management framework to perform focused, localized risk assessments of existing or new services and technologies in line with policies and standards, and manage the risk exceptions process. Develop residual risk registers and integrate them into the Shared Service Integrated Risk Management Framework.
Evolve Information Protection security policies and processes, aligning them to local business requirements, and operate the policy exceptions management process. Coordinate security education and awareness initiatives in line with the policy framework and integrate them with the Shared Service thematic awareness program.
Partner with business line CIOs and technology stakeholders to educate and integrate risk management activities in first and second line of defense governance.
Coordinate with Shared Services to provide localized risk and vulnerability management information and reporting, and embed cyber/information security into business operational governance forums, enabling data-driven decision making.
Develop organization-wide cyber/information security risk views by collaborating with internal control groups, e.g. Audit, Compliance, Enterprise Risk Management, Legal and Privacy.
Liaise across Legal, Privacy and Sourcing teams to manage third-party risks. Conduct third-party assessments, including evaluations, contract reviews and onsite visits where appropriate.
Embed secure development practices, working with local business and technology teams to implement enterprise tooling and processes that ensure secure code implementation. Embed risk management practices into Agile/DevSecOps pipelines to minimize production vulnerabilities.
Champion local incident response and handling processes, providing business context and local expertise in incident scenarios. Coordinate with the Shared Service owner to manage local incident postmortem activities and track residual findings to resolution. Maintain and manage local regulatory incident reporting requirements. Engage with Shared Services to carry out forensic security investigations, integrating processes with business and legal/compliance stakeholders.
Partner with Global Architecture Shared Services organizations to implement standard security solutions and capabilities, providing expert solution design for change in the local business line. Conversely, feed global Architecture roadmaps by capturing local requirements.
Support business line mergers, acquisitions, and divestiture activities in line with the Shared Services playbook designed to reduce change risk.
Lead local business Information Protection teams and matrix-manage Shared Services peers. Ensure in-person employee engagement by motivating the team, running personalized development programs, and creating an empowering culture aligned with our values.
Qualifications and Experience
A BA/BS in a business or technical field. A master's degree (e.g. an MBA) is an added benefit, but not required.
Proven track record of successfully influencing and leading peer and matrixed teams where direct and indirect reporting relationships exist. Strong leadership qualities and business acumen, able to deal with all levels of the organization. Demonstrable experience developing and leading organizations autonomously. Appreciation of global organizational cultural variances.
Minimum of 7 years of information security/cyber or related risk management experience. Ability to translate information security and technical controls into business terms that are easily understood. CISSP or another security-related certification (e.g. CISM) preferred.
Implementation-level knowledge of information security standards and frameworks (e.g. ISO/IEC 27001/27002, PCI DSS, NIST Cybersecurity Framework, FedRAMP) and attestation reports (e.g. SOC 1/2). Awareness of Governance, Risk and Compliance (GRC) and workflow management tools.
Experience within the Insurance, Financial Services, and/or Healthcare industry preferred.