I am working with my client on an exclusive partnership to hire a BISO to join their dynamic Security team.
As the Business Information Security Officer (BISO), you will play a crucial role in safeguarding organization's sensitive information and ensuring compliance with relevant regulations and standards. You will oversee all aspects of information security within the company, including policy development, risk assessment, security awareness training, incident response, and regulatory compliance.
Key Responsibilities:
Develop and Implement Information Security Policies: Design, implement, and maintain comprehensive information security policies, procedures, and guidelines to protect the organization's data assets.
Risk Management: Conduct regular risk assessments to identify potential vulnerabilities and threats to the organization's information systems. Develop and implement strategies to mitigate identified risks effectively.
Security Awareness Training: Design and deliver security awareness training programs to educate employees about their roles and responsibilities in maintaining information security. Foster a culture of security awareness throughout the organization.
Incident Response: Establish and maintain an incident response plan to effectively respond to and manage security incidents and breaches. Lead incident response efforts, including investigation, containment, and recovery.
Compliance Management: Ensure compliance with relevant information security regulations, standards, and frameworks, such as MAS TRM, and Cyber Hygiene notice. Monitor changes in regulations and update policies and procedures accordingly.
Vendor Risk Management: Evaluate the security posture of third-party vendors and partners and ensure that appropriate security measures are in place to protect the organization's data when working with external parties.
Security Audits and Assessments: Coordinate and oversee internal and external security audits and assessments. Collaborate with auditors to address any identified vulnerabilities or deficiencies.
Security Incident Reporting: Prepare and present regular reports on the organization's information security posture, including incident trends, compliance status, and remediation efforts, to senior management and relevant stakeholders.
Security Governance: Establish and chair a security governance committee to provide oversight and guidance on information security initiatives and ensure alignment with business objectives.
Security Technology Evaluation: Evaluate new and emerging security technologies and tools to enhance the organization's security posture. Make recommendations for the adoption of appropriate technologies based on risk assessments and business needs.
Qualifications:
Bachelor's degree in computer science, information technology, or a related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CISA, GIAC) preferred.
At least 8 years of proven experience in information security management, including policy development, risk assessment, incident response, and compliance management within the Financial Services industry.
Strong understanding of information security principles, standards, and best practices.
Excellent communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.
Strong leadership and project management skills, with the ability to lead cross-functional teams and drive initiatives to completion.
Knowledge of relevant regulations and compliance requirements, such as MAS TRM and Cyber Hygiene notice.
Experience with security technologies and tools, such as firewalls, intrusion detection systems, SIEM solutions, and vulnerability management tools.
If you are passionate about information security and have the skills and experience to excel in this role, we would love to hear from you!