Business Information Security Officer (BISO)-Corporate IT

Unisys
Harrisburg, PA Full Time
POSTED ON 4/7/2024
Job Description


What success looks like in this role:

Responsible for the development, adoption, compliance, and governance of the security strategy, roadmap, and policies that are aligned to the organization’s overall security objectives within Corporate IT (CIT).

The BISO is a senior leader who is the single point of contact for information security related matters within CIT. The BISO works closely with the CIO and is a member of the CIT senior leadership team. The BISO informs, tracks, communicates, and manages security, risk, and compliance of CIT as it relates to the Global Information Security (GIS) overarching program. The BISO is also responsible for managing the security requirements of CIT infrastructure and applications. The BISO bridges CIT to GIS and is held accountable for the cybersecurity outcomes within CIT.

Key Responsibilities

  • Responsible for maintaining an inventory of CIT cyber risk, vulnerability remediation status, policy violations, endpoint alerts, cybersecurity training, security exception requests, and security architecture for their respective service offerings.
  • Responsible for ensuring compliance with policies in CIT and for reporting to GIS on a set of KPIs as defined by the CISO on behalf of CIT.
  • Coordinate CIT cyber requirements and compliance for things such as pen-testing, audits, or the procurement of cyber security technologies that may be required uniquely to support CIT.
  • Accountable for the security health and risk state of CIT.
  • Develops executive level intelligence briefing structure and drives implementation of actionable intelligence based on the accepted risk strategy.
  • Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with Cybersecurity policies.
  • Monitor and evaluate the effectiveness of CIT’s cybersecurity safeguards to ensure that they provide the intended level of protection to Unisys and to the customers.
  • Ensure that Security requirements specific to customer projects and implementations are included in all phases of the system life cycle.
  • Consult with CIT Architecture, design and development team handling new projects to ensure that Unisys security policies and guidelines are followed.
  • Engage with GIS’ Threat Intelligence Security Incident Response Process team to properly address and manage cybersecurity incidents or vulnerabilities in CIT.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during scans, risk assessments, audits, inspections, etc.
  • Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Be the face of Security within CIT for any internal, external or customer audits.
  • Understands CIT, strategy, and information security requirements.
  • Works closely with GIS, IA and legal teams to improve the security posture, compliance, and risk management for each business unit.
  • Promotes information security technology strategy and roadmap across each business unit. Brings requirements and drivers to the enterprise Information Security Risk Management team to influence the development of the information security strategy and roadmap.
  • Ensures CIT’s information security solutions and applications are aligned with GIS and business unit needs, as well as good information security methodology.
  • Provide periodic measurements and KPIs on the implementation of security policy within CIT to GIS.

You will be successful in this role if you have:

  • Bachelor’s Degree or equivalent experience
  • 15 years of broad and diverse experience across cybersecurity strategy, compliance, operations, security architecture, vulnerability management, and cloud security
  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
  • Experience across multiple industries with expertise handling regulatory issues and risks
  • ISACA CRISC or CISM, (ISC)² CISSP or CISSP-ISSMP certifications are a plus
  • Risk management experience with demonstrated technical proficiency in applying cybersecurity controls
  • Experience overseeing and executing highly complex, cross-organizational initiatives within a large enterprise setting
  • Ability to build relationships, influence and drive outcomes across multiple stakeholder groups
  • Ability to effectively present complex technical topics to non-technical and technical audiences
  • Project management experience highly desired
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Ability to interpret and apply policies and regulations across a large, complex business
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker

This role may require access to export-controlled commodities and technology. Therefore, to conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.

Notice For U.S. Applicants: Unisys is an Equal Opportunity Employer – Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity

Salary.com Estimation for Business Information Security Officer (BISO)-Corporate IT in Harrisburg, PA
$75,025 to $93,289