Combining business acumen with technical knowledge, the BISO improves the information security posture in delivering services and partnering with the regional/business unit leadership. The BISO will understand the critical assets and processes, identify and evaluate risks and controls, and suggest incremental rules or risk mitigation strategies where necessary. Additionally, the BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting risks and documented exceptions. The BISO will drive a consistent security posture across the enterprise, coordinating security efforts with other BISOs and the CISO. The BISO helps the business achieve its objectives without compromising the security posture.
- Develop and maintain an in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, partners
- Manage third party supply chain risk management processes for the business unit
- Act as the primary local security contact/adviser for the IT leadership and the IT Business Partners, infrastructure, IT Architecture, HR, Finance, Legal, and other local personnel
- Partner with local Compliance, Legal, IT resources to achieve effective working relationships that can further the effectiveness of the Security program
- Implement the Information Security Policies and Standards across the assigned region/business unit
- Communicate, oversee, and carry out technical implementations of security solutions required to meet business objectives
- Proactively identify noncompliance and areas of potential improvement, and facilitate development and deployment of standard solutions
- Engage with clients and customers to assist the business in achieving its objectives by representing our security program, supporting internal and external audits, helping in customer communication of security incidents, etc.
- Participate in region/business unit related conferences, client-facing engagements, and industry forums to represent the Cyber Security program
- Provide regular and timely reporting on the status of cyber security across the region/business unit
- Provide escalation path for security issues, incidents, and inquiries
- Work with Security Incident Response teams to assist in effectively driving incidents to acceptable resolution; assist with investigations as needed
- Provide Cyber Security Guidance across functions and regions.
- Drive remediation activities across region/business unit.
- Collaborate with the Security Operations and Engineering teams to develop a technical roadmap.
- Work with the Security Governance, Risk, and Compliance Management team to drive policy and regulatory compliance.
- Assist in the implementation and translation of information security policies.
- Drive Service Level Management for cyber security and Assurance.
- Advance RAC’s Mission of “Improving the quality of life for our coworkers and our customers.”
- Ensure the company’s technological processes and services comply with all requirements, laws, and regulations.
- At least 7 years of experience working with non-technical business leaders to address security and technology challenges.
- Proven ability to influence both the assigned business area to adopt the security program and the security program to reflect the priorities, limitations, and risks of that business area.
- Extensive knowledge of business risk, risk assessment, and risk-based decision-making.
- Able to communicate security and risk-related concepts to both technical and non-technical audiences.
- Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver, and consultant.
- Ability to provide governance capabilities and subject-matter expertise concerning information security to influence business operations.
- Excellent written and verbal communication, interpersonal and collaborative skills.
- Experienced with contract and vendor negotiations.
- Ability to effectively prioritize and execute tasks in high-pressure situations.
- Knowledge of security, risk, and control frameworks and standards.
- Understanding of cloud, SaaS, and IoT architectures and their implications on information security strategy.
- Technical acumen includes but is not limited to OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next-gen mobile, network architecture, enterprise architecture, and directory services.
- Security technology acumen and experience include but are not limited to: firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, multi-factor authentication.
- Ability to handle confidential matters.
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
- Knowledge of common information security management frameworks, such as NIST SP 800-53 and the NIST Cybersecurity Framework, is desirable.
Throughout the COVID pandemic, we have remained unwavering in terms of our commitment to the health of our coworkers and customers. To further maintain a safe work environment, new coworkers should be vaccinated by their start date. RAC is an equal opportunity employer, and will provide reasonable accommodation to those unable to be vaccinated where it is not an undue hardship to the company to do so as provided under federal, state, and local law.