Business Information Security Specialist

The Business Information Security Specialist assumes a multifaceted role, not only leading action-driven discussions on risk-related matters but also providing governance support and offering business consulting expertise across diverse lines of business. Armed with profound technical acumen in cybersecurity and bolstered by refined sales and presentation skills, the Specialist adeptly conveys the intricacies of risk implications, compelling decisive action within both business and technology & operations domains.

Serving as the central point of contact for engaging lines of business on Enterprise Security initiatives, the incumbent effectively communicates the risk dashboard and collaborates closely with risk leaders to optimize risk management strategies. Moreover, the Specialist plays a pivotal role in aligning business objectives with risk mitigation efforts, ensuring a harmonious integration that fosters a secure business environment safeguarding sensitive information.

In addition to their pivotal role in risk management, the Specialist also extends their expertise to provide governance support by developing and maintaining information security policies, standards, and procedures. They oversee compliance efforts, conduct risk assessments, and lead incident response efforts. Furthermore, they offer business consulting responsibilities by advising stakeholders on security best practices, assisting in strategic planning, and ensuring that security measures align with overall business goals and regulatory requirements. Through their comprehensive approach, the Business Information Security Specialist ensures that the organization remains resilient against evolving threats while fostering a culture of security and compliance across all levels of the enterprise.

Position Responsibilities:
Governance Support

• Develop, maintain, and champion security governance frameworks involving the business.
• Lead business security updates for lines of business during committee and organizational meetings.
• Assist business with regulatory compliance to applicable laws and security regulations.
• Compare proposed business solutions to applicable policies and procedures during project engagements.
• Provide expert guidance in support of development, maintenance, and enforcement of information security standards and procedures.
• Participate in line of business regulatory audits as primary Enterprise Security expert.
• Provide expert advocacy on compliance with security policies throughout the business units.
• Present relevant Key Risk Indicators to lines of business.

Line of Business Risk Liaison

• Participate as stakeholders in business initiatives and lead Enterprise Security strategy within those initiatives.
• Conduct regular risk and metrics updates with senior business leaders.
• Primary point of contact for Enterprise Security initiatives requiring business engagement.
• Assist in coordinating responses to security incidents involving the business, ensuring a timely and effective resolution.
• Enforce Enterprise Risk Management best practices throughout the business lines in relation to security issues.
• Emphasize the business unit's role in identifying, escalating and debating security risks to business unit processes and data.
• Exhibit relevant data points to business unit leaders which measure security risk.
• Lead difficult conversions to drive process enhancement and risk reduction within lines of business.

Business Consulting

• Analyze the threat and risk landscape to communicate key risks to lines of business.
• Provide expert cyber and risk guidance and consultation to business unit leaders.
• Be an advocate for security, enterprise risk management and regulatory compliance.
• Align line of business unit and enterprise security strategy to best manage risk.
• Work closely with technology and business units to integrate security measures into projects and operations.
• Participate in conducting regular security audits and assessments.
• Assist business with addressing assessment and incident findings.
• Marshall line of business resources and support to effect cyber security strategy.

Security Awareness

• Advance culture of security awareness within the broader enterprise.
• Measure and reduce risk within the line of business through employee awareness training.
• Identify areas within business lines for risk reduction and champion a culture of improvement.
• Represent the Enterprise Security team as business-facing risk managers.

Position Qualifications:

• Bachelor's Degree from an accredited university in Computer Science, Engineering, or in a Cybersecurity/Technology related field OR equivalent through a combination of education and/or Cybersecurity/Technology experience OR 12 years of Cybersecurity/Technology experience
• 8 years of experience within Cybersecurity teams
• 6 years of experience in risk management
• 5 years of experience articulating complex topics with executive leaders
• 5 years of experience with common security and risk frameworks such as ISO 27001, NIST CSF, and COBIT 5
• 5 years of experience mediating between technology and business teams
• 5 years of experience in technology within financial services

Licenses/Certifications:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified Risk and Information Systems Control)