Business Information Security Officer - Vp

Who we are looking for

A Business Information Security Officer (BISO) who will be an integral part of a team responsible for ensuring the security of the business and functional teams in line with the company security policy and risk tolerance.

Other key relationships:

• Business Information Security Officers (BISO)
• BISO Leaders
• Business and Functional Technical Leaders
• Cyber Transformation Office
• Collaboration with 3LOD – Business, Compliance, Risk Management, Corporate Audit
• Regional CISOs

What you will be responsible for

• Consistently and effectively engage with Technology and Business leadership to embed security into their strategic and tactical plans
• Champion the Information Security mandates acting as a liaison between Global Cybersecurity (GSC) and the business units (BU)
• Actively promote and deliver on the BISO program and its mission
• Ability to operate autonomously with minimal directions or instructions to fully partner and to support responsible BUs
• Being a Trusted Cybersecurity Risk Adviser to the BU leadership team in all technical & cyber risk matters
• Positioning security within the business with the ability to communicate in non-technical terminology
• Create ambassadorship programs down in the business to ensure security is a partnership
• Assist in the development and successful outcomes of Security KPI/KRI that drive control effectiveness
• Report security performance and create visibility through effective metrics and reporting
• Directly support technical security assessments & recommend remediation plan for the partnering BU’s
• Participate in Information Security and 3rd Party Risk Management (TPRM) assessment for assigned BUs
• An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner to all levels of target audience from executives to technical staff
• Delivery of effective security outcomes that drives improvements of security within the business
• Participate actively in decision making with management and seek to understand the broader impact of current decisions
• Create and deliver effective presentations as a means for communicating project and deliverable progress at all levels of target audience.
• Build and nurture positive working relationships with BU’s with the intention to exceed expectations
• Work cross-functionally with team members to support and enhance collaborative environment
• Manage the trade-offs required to manage the various levels of risk tolerance and risk exposure across the organization and balance this with risk investments
• Partner with BU Leadership to identify, evaluate, and address cyber security risks
• Ensures and monitors security compliance with industry and government rules and regulations
• Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks
• Promote information security awareness program to ensure staff members across the organization understand the trade-off between risk and return
• Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns by end users so that policy can align with need.
• Stay up to date on present and emerging security trends, technology, & threats.
• Manage and mentor a small team at different skill level

What we value

These skills will help you succeed in this role:

• Driving results
• Analytical & Strategic Thinking
• Collaborating & Influencing
• Senior Executive communication
• Ability to give presentations at all levels and diverse audiences
• Experience managing small but technical staff
• S.M.A.R.T. goals that symbolize success of Security adoption within the BUs
• Project Management experience leading small and medium sized teams to successful completion
• Modern technology understanding, experience developing and implementing innovated techniques and solutions to delivering cost efficient and secure solutions
• Self-starter with attention to detail that believes in continuous learning and continuous improvement in all areas
• Hands-on experience or working knowledge in multiple technical & security domains: Threat modeling, Cloud security, Artificial Intelligence, Automation, IAM, firewall, network, secure solution design, VPN, encryption, vulnerability & code review, Windows/Unix/Linux server security, SSO, MFA, industry security framework & standards, various protocols (e.g., TCP/IP, UDP, MPLS, SSL/TLS, SSH, HTTPS, FTP, RDP, ICA, BGP, LDAP, etc.)
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Strong relationship building skills focused on shared decision making and accountabilities.
• An ability to effectively influence others to modify their opinions, plans, or behaviors
• Ability to react to high pressure dynamic changing environments

Education & Preferred Qualifications

• 8-12 years of experience in information security (cybersecurity) and related information technology experience required
• Bachelor’s degree in a technical field (e.g., Computer Science, Engineering, IT, etc.)
• Required: CISSP
• Preferred: Cloud Security, AI, CRISC, CISM, CISA or similar certifications
• Highly regulated environment experience, preferably financial services

Additional requirements

Travel up to 10% may be required.

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.