Cybersecurity Architect (BISO) - Hybrid

FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access to financial data and analytics that investors use to make crucial decisions.  

At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients’ needs and exceeding their expectations.  

Your Team's Impact 

The Business Information Security Officer (BISO) serves as a trusted security advisor to lines of business. The BISO understands security risks and technologies and is able to effectively communicate them to business units. The BISO works in tandem with the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with security in mind. The BISO is an advanced role supporting the cybersecurity program. This individual provides leadership, executive support, and strategic and tactical guidance for a world-class cybersecurity program supporting enterprise security initiatives. As a business enabler, the BISO is an effective communicator with the technical aptitude to drive security fundamentals into aspects of the business. 

The BISO must be capable of working closely with senior management, third parties, project managers and business subject matter experts (SMEs). Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives. The BISO must have a technical background and be able to understand technologies, their purpose, and their security requirements and data protection needs, wherever they reside. BISOs should also understand threats, as well as risk mitigations and technical controls recommended by security leaders.

What You'll Do 

• Serve as a trusted security advisor with business unit leadership.
• Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle.
• Act as a trusted point of contact across business units.
• Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
• Be actively informed and engaged in security projects across the business.
• Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency.
• Enforce the strong security culture set forth by the CISO, ensuring uniformity across business units and employees.
• Foster strong relationships with internal business units and excel in cybersecurity communication.
• Advise business units on enterprise-wide people, process and technology security recommendations.
• Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
• Ensure business projects are focused on cybersecurity from the beginning.
• Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units.
• In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible.
• Provide motivation to business units to adopt cybersecurity controls.
• Remove complexity and obstacles that hinder efficient security controls enterprise wide.
• Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure and applications.
• Stay abreast of new laws, regulations and standards, and assess their impact to the business.
• Verify security content training initiatives and internal/external communication are conducted regularly.
• Openly support the CISO, management team and executive leadership, even during tumultuous times.
• Perform other duties as assigned.

What We're Looking For 

Required Skills 

• 15+ years of relevant Cybersecurity experience with minimum 5 years as Cybersecurity Architect or Lead Engineer
• Bachelor’s degree in information Cybersecurity, Cybersecurity Assurance, Computer Science or related fields
• Must have fluency in English both written & verbal
• Relevant certifications preferred include CISSP, CISM, GSEC, etc.
• Experience collaborating with IT teams to implement technology solutions that enable business initiatives and reduce risk
• Knowledge of relevant enterprise architecture methodology.
• Ability to determine key security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; and identifying integration issues
• Knowledge of relevant Cloud architecture standards, methodology, and technology
• Expert knowledge of security issues, techniques and implications
• Advanced knowledge of common systems, software and web application vulnerabilities (e.g., OWASP Top 10)
• Experience performing Root Cause Analysis (RCA) for control failures and advising IT Management with risk treatment plans
• Experience mentoring Cybersecurity and IT team members

Desired Skills 

• Capable of working with diverse teams and promoting an enterprise-wide positive security mindset/culture.
• Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
• Ability to translate design into bill of materials and prepare cost estimates.
• Experience with risk assessments of new product development as well as externally purchased applications and cloud services
• General understanding of project management best practices
• Ability to translate technical designs into bill of materials for procurement, collaborate with procurement team, draft Request for Quote/Purchase/Information (RFQ/RFP/RFI), and manage vendor relationships,
• Familiarity of SSDLC (Secure Software Development Life Cycle) or SDL (Secure Development Lifecycle)
• Experience assisting with third-party risk assessments and security control design validation
• Able to deliver quality results in a high-energy/high-pressure environment
• Ability to multi-task and manage demands of many projects, issues, and tasks.
• Ability to perform duties with minimal supervision
• Excellent interpersonal and teamwork skills
• Excellent communications skills, both verbal and written
• Experience performing research and communicating findings to technical and non-technical audience
• Ability to credibly speak with clients regarding requests for information, integration, risk management, and compliance
• Experience technically leading and influencing teams without depending on management authority

What's In It For You 

At FactSet, our people are our greatest asset, and our culture is our biggest competitive advantage. Being a FactSetter means: 

• The opportunity to join an S&P 500 company with over 45 years of sustainable growth powered by the entrepreneurial spirit of a start-up.

• Support for your total well-being. This includes health, life, and disability insurance, as well as retirement savings plans and a discounted employee stock purchase program, plus paid time off for holidays, family leave, and company-wide wellness days.  

• Flexible work accommodations. We value work/life harmony and offer our employees a range of accommodations to help them achieve success both at work and in their personal lives. 

• A global community dedicated to volunteerism and sustainability, where collaboration is always encouraged, and individuality drives solutions. 

• Career progression planning with dedicated time each month for learning and development. 

• Business Resource Groups open to all employees that serve as a catalyst for connection, growth, and belonging. 

Learn more about our benefits here. 

Salary is just one component of our compensation package and is based on several factors including but not limited to education, work experience, and certifications. 

Company Overview: 

FactSet (NYSE:FDS | NASDAQ:FDS) helps the financial community to see more, think bigger, and work better. Our digital platform and enterprise solutions deliver financial data, analytics, and open technology to more than 8,200 global clients, including over 200,000 individual users. Clients across the buy-side and sell-side, as well as wealth managers, private equity firms, and corporations, achieve more every day with our comprehensive and connected content, flexible next-generation workflow solutions, and client-centric specialized support. As a member of the S&P 500, we are committed to sustainable growth and have been recognized among the Best Places to Work in 2023 by Glassdoor as a Glassdoor Employees’ Choice Award winner. Learn more at www.factset.com and follow us on X and LinkedIn. 

At FactSet, we celebrate difference of thought, experience, and perspective. Qualified applicants will be considered for employment without regard to characteristics protected by law.