Business Information Security Officer

Inclusively is partnering with a financial services company to hire a Business Information Security Officer.

ABOUT INCLUSIVELY:

Inclusively is a digital tech platform that connects candidates with disabilities, who may benefit from workplace accommodations, to inclusive employers. This includes all disabilities under the ADA, including mental health conditions (e.g. anxiety, depression, PTSD), chronic illnesses (e.g. diabetes, Long COVID), and neurodivergence (e.g. autism, ADHD). Applicants with one or more of these conditions are encouraged to apply; Inclusively does not require applicants to disclose their specific disability.

The BISO will be responsible for the following:

• Advocating and promoting cybersecurity programs to business and technical partners to support business unit execution of business plans and technology roadmaps, including translation of business requirements into
• Fostering relationships with diverse groups/individuals, negotiate and influence.
• Understanding key BU challenges and advising on practical and cost-effective solutions to help mitigate cybersecurity risks/concerns.
• Provide consultative services related to security risk and controls, security architecture, and security design through collaboration with cybersecurity and other technology teams.
• Establishing and continuously improving executive-level reporting and presentations outlining cyber metrics, cyber risks, risk velocity/trending, and status of defined action plans.
• Leading and/or participating in various working groups, risk forums, and client-facing activities.
• Performing continuous monitoring and tracking of open security conditions and status and provide regular risk updates to senior management.
• Educating business and technology partners on operationalizing cybersecurity policies, standards, procedures, and guidelines.
• Providing, as needed, any audit, regulatory, or incoming due diligence-related support including presentation of Information Security topics during exams, assessments, and incoming due diligence questionnaires.
• Collaborating on key security projects/initiatives, such as incident management, threat modeling, vulnerability management, application security, access management, data security, cloud security, third party assessments, etc.
• Monitoring security incident trends to see opportunities for incident reduction and leveraging threat intelligence to develop proactive cybersecurity initiatives at the BU level.
• May travel minimally for training and ongoing program developments and improvements.

What you have

Required qualifications

• Minimum 7 years of advanced Information Technology experience in large scale environments, in risk management and/or a client facing role.
• Bachelor’s Degree in Computer Science or related field.
• At least 3 years building relationships with internal and external business partners

Preferred qualifications

• Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, CIS and NIST
• Experience with GRC (Governance, Risk and Compliance) solutions.
• Expertise in information security best practices and technology risk management disciplines, including knowledge and familiarity with a broad range of IT and information security products and technologies such as Network Security, Cryptography, Identity and Access Management, Vulnerability Management, Logging and Monitoring, Cloud Platforms, and Application Security.
• Candidates with IT Audit and financial regulatory experience are preferred.
• Superior attention to detail, focus on quality work delivery, and passion for customer service
• Familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examinations Council, Sarbanes-Oxley Act, HIPAA, GDPR and GLBA.
• Experience with risk metrics, and executive dashboards.
• Excellent analytical & technical skills, able to research problems, determine root causes and solutions.
• A self-starter and able to work independently, as part of a team, and lead working groups, as required.
• Relevant certifications or ability to obtain information security certifications such as CISSP, CCSP, CISA, CISM or CRISC.

Job Type: Full-time

Pay: $116,100.00 - $196,100.00 per year

Schedule:

• Monday to Friday

Work Location: In person