BISO-Business Information Security Officer
About our Team
This growing team delivers outcomes, longer-term improvements and benefits that are measurable and impact the achievement of organization goals. This includes managing complex and critical issues, creating strategies and charting a course for global Cyber progress.
About the Role
As a BISO, you will be responsible for planning, organizing, and executing enterprise-wide information and security initiatives. You will deliver long-term improvements and benefits impacting our organizational goals, focusing on risk management and cybersecurity defenses.
Responsibilities
- Driving information and infrastructure security awareness and governance deep into the organization. This will involve aligning Business & Technology units with enterprise cybersecurity programs and objectives.
- Providing a critical liaison role between the business unit and the Elsevier Cyber Security organization. This includes enhancing the level of collaboration and effective communications with key stakeholders/business units.
- Managing the oversight of technical risk assessments, such as vulnerability scanning, penetration testing, risk reviews for new applications, and third-party risk assessments. Leading, monitoring and managing security projects; providing expert guidance on security matters for other IT projects.
- Defining information and infrastructure security utilizing a risk-based approach. Developing goals, training recommendations, strategies, plans, and success criteria needed to achieve the vision.
- Developing and reporting cyber security metric scorecards to reflect the level of adoption of and compliance with security policies/standards. Tasked with the remediation of vulnerabilities and residual risks.
- Providing leadership and direction for the integration of security strategy and architecture with business and IT strategy. Evaluating and designing the implementation of new or updated information security hardware or software. Analyzing its impact on the existing environment.
Requirements
- Currently in a BISO role. We are not looking to hire a CISO.
- Demonstrate an ability to effectively collaborate and communicate with multiple technical functions such as security, infrastructure, operations, and software engineering.
- Illustrate expert knowledge and experience in areas of Cyber Security involving incident response, risk, and governance. This would involve being able to imagine and create innovative approaches and strategies and to develop security programs.
- Demonstrate extensive understanding of Information Security compliance and governance frameworks such as NIST and ISO27001.
- Have extensive experience in problem-solving involving leading teams in identifying, researching, and coordinating the resources necessary to effectively. Such as troubleshooting/diagnosing complex project issues, prior success extracting/translating findings into alternatives/solutions, identifying risks/impacts, and schedule adjustments to facilitate management decision-making.