Business Information Security Officer
Job Id : 7586
Jobtitle : Business Information Security Officer
Location : Newark, NJ
Company Name : Synergistic Systems Inc (dba SynergisticIT)
Industry : Information Technology
Salary : $18,000 - $108,000 YEAR
Job type : Fulltime
Posted on: 2019-11-21
Required Skills : Mitigation, Cost-Benefit Analysis, Risk Management, Vulnerability Assessment, Legislature, Deployment, Hardware, Malware Analysis, Business Management
Benefits : No benefits are available
The Business Information Security Officer (BISO) will interface with stakeholders at various levels across the enterprise to ensure that the enterprise-wide vision, strategy, architecture, policies and programs set forth by the Chief Information Security Officer are correctly implemented in the supported business unit. The BISO will also maintain an understanding of the challenges facing healthcare, and ensure that information technology (IT) systems are secure, that security and business continuity risk/reward decisions are balanced, and that external regulatory and legislative requirements are complied with. The incumbent will support an information privacy and security-conscious culture within the business unit. Support information security initiatives, monitoring and auditing of compliance with regulatory and internal standards, including investigations related to policy violations, security breaches and computer crimes. Be an advocate for security and privacy at all relevant business unit meetings and functions.
- Embed as part of the business to ensure information risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program.
- Work with the business and enterprise security to recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes.
- Advocate for business unit requirements in all matters related to cybersecurity risk.
- Advise business unit senior management on risk levels and security posture, and on cost/benefit analysis of information security programs, policies, processes, systems, and elements directly impacting their division or enterprise.
- Counsel appropriate business unit senior leadership on changes affecting the organization's cybersecurity posture, and communicate the value of information and cyber security to stakeholders at all levels of the organization.
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- Collaborate with matrix model leadership to develop strategic objectives for the company.
- Proactively monitors the regulatory environment for emerging requirements that will affect the information security program and initiatives.
- Directs the coordination of changes in business, technology, and threat environments and develops strategies for addressing new risks to systems and information.
- Facilitates the implementation of controls to protect the infrastructure from intrusion and from damage caused by malware and other threats.
- Coordinates the execution of an incident management process with business unit stakeholders that ensures timely detection, containment, and eradication of threats; recovery from resulting damage; and corrective action to minimize the risk of future incidents.
- Consult with IT to ensure that security is factored into the evaluation, selection, installation and configuration of relevant business unit hardware, applications and software.
- Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
- Skill to use critical thinking to analyze organizational patterns and relationships.
- Deep information security management and broad technical security knowledge.
- Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives; particularly HIPAA, NIST, and HITRUST.
- Ability to relate strategy, business, and technology in the context of organizational dynamics.
- Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
Subject matter expert in:
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of cyber-security principles.
- Knowledge of cyber threats and vulnerabilities.
- Bachelor's degree in a technical discipline or business management discipline required; a degree in Computer Science, Computer Engineering or Information Technology is preferred
- Master's Degree in Computer Science, Computer Engineering, Information Security / Assurance, or related field preferred.
- ISACA Certified Information Security Manager or Certified Information Systems Security Professional required
- At least 5 years of information and cyber security experience is required.
- At least 6 years of experience with management approaches, tools, and techniques for gaining the cooperation and support of others.
- At least 5 years of leadership in heavily regulated organizations (e.g. Healthcare, Financial Services, or Federal Government).