BISO Business Information Security Officer
Posted on Nov 13, 2019 by Request Technology
A prestigious company is searching for a Business Information Security Officer. This individual needs to have 10+ years of larger enterprise company experience. They will be the advisor to both the business and the CISO. They will be reporting security risks to the CISO and appropriate committees, also, they will play a big role in information security incident response process. This individual will make sure that the business compliance is in agreeance with the Information Security Policy and standards.
- Establish a documented Information Security Program and supporting strategy for the area of responsibility (AOR)
- Ensure program is aligned with the AIS Information Security Program, Policies and Standards
- Ensure inclusion of all applicable regulatory, legal and contractual obligations
- Leverage the Enterprise and AOR specific Information Security Risk Assessments to establish and monitor the program
- Update the program annually
- Information Security Risk Management
- Policy Compliance
- Access Management
- Data Protection
- Education and Awareness
- Provide input into the Company Corporation Information Security Program
- Review and provide input into the Information Security Policy and Standards
- Ensure clear lines of communication between AOR and the Chief Information Security Officer
- Provide reporting on the state and efficacy of security controls for their projects and platforms
- Securing ongoing security funding for special/complex projects, and evangelizing security awareness across Business Unit
Key Success Criteria
- Support the Business Unit and CISO in seeking cost optimizing and driving reduction in operations costs of managing the security controls.
- Increased levels of security across designated Business Unit.
- Improved compliance with security standards and policies across Business Unit teams.
- Greater awareness of information security and data privacy requirements (globally); and
- Drive adoption of global security program standards throughout the product and core business platform teams.
- Bachelor's Degree or equivalent experience
- 8+ years or more year of experience in audit or information security related role.
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
- Project management experience highly desired
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Ability to interpret and apply policies and regulations across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker