Business Information Security Office (BISO) Manager

Job Title:

Business Information Security Office (BISO) Manager

Location:

CityScape

What you'll do:

Western Alliance Bank’s (WAB) Business Information Security Office is responsible for maintaining a robust business information security strategy to protect the Bank's sensitive data, customer information, and critical systems, ensuring the confidentiality, integrity, and availability of all information assets while complying with relevant regulations and industry best practices. The BISO Analyst will plan, lead, and control activities for security (information, application, and infrastructure), risk, and compliance across WAB corporate functions and businesses. This is key to ensuring successful delivery of Information Security and IT risk management services in compliance with Western Alliance Bank policies, standards, and frameworks.

The ideal candidate has high energy, strong presence, and a passion for delivering value from the cybersecurity function. They possess deep technical security, governance, and risk expertise and will be a key advocate for security initiatives across the Bank, maintaining consistent alignment with the Security Risk & Compliance (SRC) organization and Cybersecurity Program.

The candidate will work directly with business and corporate stakeholders and work backwards into the Security Risk & Compliance (SRC) cybersecurity program organization to deliver business value. This individual will work as part of a matrixed team of security professionals in a structure designed to help them succeed in delivering best-in-class security to this stakeholder group.

This role reports directly to the WAB Business Information Security Officer.

• Manage business unit cyber security and risk requirements, ensuring high-quality execution.
• Partner with business to co-ordinate/conduct security risk, compliance, and audit reviews, and assist with remediation of findings.
• Ensure technology programs comply with relevant laws, regulations, and WAB cybersecurity policies and standards.
• Participate in business technology initiatives to represent the cybersecurity function.
• Ensure security programs address IT risk management findings and follow relevant laws, regulations, and policies.
• Partner with SRC cybersecurity program team to create business-line specific risk metrics and risk posture.
• Maintain risk and cyber security KRI/KPI dashboards and work with business units to improve business cybersecurity risk posture.
• Develop strong partnerships with IT, Business line, Risk Management, Audit, and Security Risk & compliance (SRC) teams to oversee management of IT security risk.
• Coordinate/deliver cybersecurity training to business-specific audiences.
• Participate in security policy and standards development, assuring business security requirements are accounted for.

What you'll need:

• Bachelor’s degree from a four-year college or university and five (5) or more years of related experience and/or training; or a combination of experience and education:
  • Work related experience working in a highly matrixed, cross-functional information technology role.
  • Educational experience, through in-house training sessions, formal school, or information security related curriculum, should be information security related.
• Minimum 1 year of team leadership or project management experience.
• Knowledge of cybersecurity domains including governance, vulnerability and incident management, data protection, identity/access management, secure application development, etc.
• Knowledge of cloud-based designs and secure evaluation of solutions involving IaaS, PaaS, and SaaS offerings.
• Knowledge of multiple security capabilities such as authentication, access provisioning, encryption, network security, data loss prevention, phishing, security information and event management (SIEM), incident response, threat management.
• Working knowledge of information security standards and risk assessment frameworks such as NIST 800-32, NIST CSF, FFIEC CAT, CRI, Cloud Control Matrix (CCM), etc.
• One of more of the following security certifications required: CISM, CISA, CRISC, CCSK, CCSP; CISSP preferred.
• Cloud-specific certifications (e.g., Microsoft Azure, AWS) preferred

Benefits you’ll love:
We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you’ll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!

About the company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC.  AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, nation origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email HR@westernalliancebank.com or call 602-386-2488.  When contacting us, please provide your contact information and state the nature of your accessibility issue.  We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.

© Western Alliance Bancorporation