Business Information Security Officer (BISO)

India - Remote

Applications have closed

1. Focus on Core BISO activities

  • Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with team.
  • Collaborate with Technology and Business units to evaluate the impact of control deficiencies.
  • Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards.
  • Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools.
  • Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations.
  • Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans.
  • Ensure adherence to IS standards and best practices across diverse disciplines.
  • Support the business during audit reviews and regulatory inspections related to IS matters.
  • Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape.
  • Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities.

2. Act as a Business Partner

  • Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards.
  • Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency.
  • Validate compliance with security controls within business contracts.
  • Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage.
  • Conduct Information and Cyber Security Awareness training to fortify organizational preparedness.
  • Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements.
  • Stay current with evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community.

Requirements

  • Minimum 10 years of experience in information security, in areas such as security governance, risk management, application security design, security, project management or security operations.
  • Professional certifications (CISSP, CISM, CISA, SANS, Cloud) would be preferred.

 


Tags: Application security BISO CISA CISM CISSP Cloud Compliance Governance Incident response Risk management SANS

Regions: Remote/Anywhere Asia/Pacific
Country: India
