Lamoreaux Search

Business Information Security Officer (BISO)

Lamoreaux Search Baltimore, MD

Caroline Blake

Senior IT Recruiter at Lamoreaux Search LLC

BUSINESS INFORMATION SECURITY OFFICER

The Client:

Our services-oriented client conducts business in 48 countries. They are aligned by Divisions based on the industries they serve, and they are adding a Business Information Security Officer to a Divisional leadership team.

The Role:

The Business Information Security Officer (BISO) will be responsible for directing and managing the alignment of Security for the Division in support of achieving the goals and objectives of the broader organization. The BISO is a business-focused security specialist with responsibility for the Division and subsequent business units, working as part of the Corporate Security function to drive governance and compliance of the Corporate Information Security policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data, specific to the Division. The BISO will also be expected to be a security evangelist, providing internal security consultancy to support business strategy, identifying Information Security related risks, and proactively working with all support departments including Business Areas, Human Resources, Facilities, Finance, Information Technology and Corporate Security to ensure that information risks are identified, assessed, and mitigated in all situations where possible. You will collaborate closely with senior Division and Technology leaders in developing and executing state-of-the-art IT processes, transforming strategy into goals and objectives aligned with cost-effective security solutions. You will report to a Global Security Leader in Corporate who reports to the Global Chief Information Security Officer. Without a doubt, your interpersonal skills will be as critical to your success as your technical background.

Similarly, this role requires a leader who will cultivate the innate talents of the team. Create cohesion inside the team and beyond Security, across segments and business units through open lines of communication, guidance and education, partnership and collaboration. There’s a lot of change ahead, and our client wants every team member to understand how their choices and accountability will directly impact the team and their global practice.

As some business units in your care are more mature in their IT processes than others, this role will allow for a great level of diversity between leveraging an entrepreneurial approach and applying strategic enterprise thinking and solutions.

Key areas of focus:

Build and maintain global relationships with business units and stakeholders to support security activities, including but not limited to responding to client requirements such as RFP/RFI, and assisting with contract negotiation and client meetings as they relate to security where appropriate.

Work with Corporate Security to deliver operational tasks including, but not limited to, assessment of technical architecture changes, supply chain risk management and monitoring of security controls and policy adherence in line with Corporate policies and standards.

Identify and manage potential security risks and governance issues, and develop remediation/treatment plans to resolve the risk or reduce the risk to an acceptable level, aligned with the Corporate Risk Management Framework.

Build and lead teams and leverage cross-functional partnerships to deliver on business and security initiatives.

Assist in the coordination and delivery of Network information security audits, inspections, tests and reviews.

Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with Division specific content.

Support delivery of information security services in accordance with requirements, delivering to timescales, quality measures and standards including change control.

Support the development of information security by adopting a proactive and innovative approach to continuous improvement.

Manage and coordinate Business Continuity Plans and appropriate exercising across the Network.

Provide input into the analysis and discussion of security policies, standards and practices.

In conjunction with colleagues from Corporate Security, Legal and Compliance, evaluate and disseminate regulatory information security rules, laws, and best practices, and collaborate with internal and external counsel as needed.

Lead and coordinate Division responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.

Maintain and enhance, as applicable, the Division Incident Response Plan aligned with Corporate policy and protocol.

Collaborate with the business unit IT departments to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.

Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the Enterprise.

Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the Enterprise on a timely basis.


Qualifications:

Minimum 10 years of experience in IT Security, IT Audit or related area including experience in a Lead Security Role.

Minimum 5 years of experience leading and motivating teams, multi-national/global leadership experience preferred.

Must be a strategic, big picture thinker who understands, appreciates and can appropriately balance compliance and business objectives.

Bachelor's degree in Information Security, Computer Science, Information Management Systems, Business, Accounting, or related field or related experience.

CISSP or CISM certification strongly preferred.

Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis.

Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, ISO, CobiT).


Personal attributes:

Analytical and detail oriented.

Excellent interpersonal skills (inclusive of listening) and a roll-up-your-sleeves personality.

Excellent written and oral communication skills.

Strong negotiation skills.

Willingness to travel as needed.

  • Seniority level: Director
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Advertising Services, Software Development, and Marketing Services
