Business Information Security Officer (BISO)
1-3 year contract
Remote - International travel one week per quarter
We are seeking a polished leader to serve as a Business Information Security Officer (BISO), advocating for both business and cybersecurity priorities. The BISO will lead IT and Global Information Security (GIS) risk management, ensuring compliance with security policies and alignment with the NIST Cybersecurity Framework (CSF). This role will collaborate with IT and business leaders to assess risks, implement security programs, and evaluate risks related to applications, systems, and third-party engagements.
Key Responsibilities:
- Act as the primary security contact, working with business and IT leaders to balance risk and reward.
- Lead a team of IT risk managers overseeing information security and third-party risk.
- Guide security programs, providing expertise in major projects and change initiatives.
- Collaborate with Compliance, Legal, and IT to enhance the Information Security Program.
- Conduct risk assessments through to completion and ensure compliance with internal policies, SOX, PCI-DSS, GDPR, and other regulations.
- Develop and onboard risk assessment tools, templates, and processes for transparent reporting.
- Lead discussions on security policy and manage exceptions.
Qualifications:
- Bachelor’s degree in IT, Security, or related field (or non-technical degree with technical experience).
- At least one security certification (CISSP, CCSP, CISM, etc.).
- 7-10 years of experience in Information Security, IT, Risk, or Audit.
- Experience with security controls design and public cloud platforms (AWS, Azure, GCP).
- Strong communication skills and experience in executive-level reporting.
- Expertise in risk frameworks (NIST, ISO, FAIR, etc.) and global privacy laws.
Work Environment:
Up to 25% international travel may be required (once per quarter).