The Business Information Security Officer (BISO) is the information security program owner for their assigned business segment. The BISO provides the assigned business division with overall information digital security leadership and is the central information security advocate for the assigned business division(s). The BISO is an expert in the company’s information security program capabilities, such as security policies and technical security solutions, and advises business stakeholders on the company’s security protections, customer security requirements, and regulatory security controls with the objective of minimizing the business’s information risk exposure and achieving secure business enablement.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Engages the assigned business as the central point of contact for information security, advocating for the security control needs of the assigned business while also advocating for the company’s security initiatives and controls deployment. Stays knowledgeable about the company’s technical controls, advocates for the technical security controls needed by the assigned business, and applies knowledge of the company’s technical control capabilities.
- Promotes corporate security awareness activities and implements security awareness concepts locally for assigned business and customizes communications to be suitable for local language and culture.
- Promotes and evangelizes the company’s IT Security Policies and Standards. Advises stakeholders on security deviation control alternatives, such as compensating controls, and leads stakeholders through the policy deviation process.
- Provides security consulting and advice for Mergers & Acquisitions by performing on-site or remote security risk assessments and writing a report of findings and recommendations in terms suitable for the business to make informed data and computer security risk decisions.
- Presents a monthly security status report for the assigned business to stakeholders such as the CISO, CIO(s), CTOs, and IT Managers. Presents executive-level communications regarding the state of security for the assigned business.
- Provides security consulting and advice for customer audits, regulatory audits, technical vulnerability assessments (TVAs) and other security-related audits. Reviews and analyzes security components of audit plans and applies knowledge and expertise of IT Security policies and locally deployed security processes and procedures to ensure a successful audit outcome. Provides leadership for remediation activities and assembles necessary resources to ensure successful remediation results.
- Advises stakeholders on incident investigations and champions stakeholders through the security incident process.
- May perform other duties and responsibilities as assigned.
- Expert in U.S. and international security and privacy regulations (such as CMMC, DFARS, HIPAA, CCPA, GDPR, etc.).
- Expert in security industry standards (SIS) and able to apply SIS to unique business and information technology situations (e.g., ISO-27001, NIST, ITIL Security Management, PCI-DSS).
- Expert knowledge of customer security requirements and the company’s obligation for protecting customer information assets in the company’s care.
- Able to create and implement methodologies to support BISO security consulting and advisory services.
- Able to build positive relationships and rapport with customers and Jabil teams (e.g., Business stakeholders, IT Security Teams, IT Managers/Directors, IT Network Team, Legal Team, etc.).
- Experience in ensuring processes/people are in place to support area of responsibility.
- Ability to work effectively under pressure with constantly changing priorities and deadlines.
EDUCATION & EXPERIENCE REQUIREMENTS
- Required: Bachelor's Degree. Prefer a degree in a technical field such as Information Security, Management Information Systems, Computer Science, or Engineering.
- Or an equivalent combination of education, training or experience (6 to 8 years) in a relevant IT position OR equivalent external work experience, including at least 4 years' experience in a supervisory or management role within an Information Technology department.
- Preferred: Security Certification: CISM, CISSP, CISA.
- Preferred: 3 plus years of successful work experience as a BISO.
- Regular business hours. Some additional hours may be required.
- Travel requirements: Domestic and/or International, up to 50%.
- Climate controlled office environment during normal business hours.
- Unusual hearing or vision demands: None specified.
- Other physical demands or notes: Employees should not attempt to lift, pull or push a load in excess of 50 lbs. without assistance. Care should always be taken when lifting, pushing or pulling in an awkward position.