Listing Description
The BISA is responsible for supporting an IT-wide information security management program, together with the Cybersecurity team, to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and that aligns with and supports the risk posture of the enterprise. The position requires an expert with sound knowledge of information security technologies and a working knowledge of business management. The BISA will proactively work with IT towers/units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities. The BISA serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. The BISA must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
The BISA's role is to act as an interface between management's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization. The BISA must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as report on ongoing performance.
The BISA coordinates the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management. While the BISA is an expert of the security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that security is just one of the business's activities.
Expertise in leading project teams and developing and managing projects is essential for success in this role. The BISA must be able to prioritize work efforts — balancing operational tasks with longer-term strategic security efforts. Other project management tasks will include resource balancing across multiple IT and security teams, task prioritizing and project reporting. Vendor relationship management — ensuring that service levels and vendor obligations are met — is also an important aspect of the position.
Responsibilities
- Security liaison
- Architecture/engineering coordination
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
- Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Stay current with developments in the field, and maintain and publish up-to-date information security policies, standards and guidelines.
- Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the IT units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Create a framework defining roles and responsibilities for the main players.
Education & Experience Recommended
- Four-year or Graduate Degree in Computer Science, Information Technology, or any other related discipline or commensurate work experience or demonstrated competence.
- Typically has 4-7 years of work experience, preferably in IT projects, process improvement, or a related field; or an advanced degree with 3-5 years of work experience.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided