Lead Business Information Security Officer

Secunderabad, Telangana, India

Job Description


The Enterprise Information Security team is looking for a highly motivated Lead Business Information Security Officer (BISO) who will serve as the primary point of contact between the cybersecurity function and their assigned business unit(s), region, service line, platform(s), and/or corporate function. The BISO is generally responsible for maintaining a strategic relationship with the specific business unit or function that they are aligned to. This is usually done to ensure that cybersecurity is incorporated into the culture of the enterprise / organization / business unit in question. A good BISO manages the business and security experience, both internally and externally. Within the organization, the BISO serves as a first point of escalation for commonplace cybersecurity concerns. Externally, the BISO sees to it that partners and other third parties enjoy working with the security team, and that third parties do not report meeting unfriendly, unhelpful or incomprehensible employees. In essence, a BISO provides white-glove service and ensures that everyone has a positive experience while working to address security concerns.

  • Ask the right questions. A BISO must be naturally curious and even a little suspicious of everything at face value, and get below the surface of a problem or request.
  • Be an information broker. Adopt a researcher's mindset, particularly when resolving problems. I hoard references, working notes, and lessons learned, and make a habit of sharing those with others when it's appropriate and most relevant. You don't have to have all the answers, but you do need to know where to find them, and who should be looped into a problem to best resolve it. Sometimes asking for help and bringing in other expertise is the answer, too!
  • Be biased towards action (' '). This Latin phrase is popular amongst military units, and translates to 'Fortune Favors the Bold.' BISOs are delegated authority by senior management for a reason: their expertise and judgment are depended upon to support risk decisions. Make sure I can justify my actions and back up my decision-making with authoritative references.
  • Seek harmony in conflict! If there's any constant for leaders, it's having your decisions challenged. BISOs need conflict resolution skills, and the ability to seek unemotional resolutions to challenges that find consensus and bring people to the table to find common ground. There may be times where the right answer for security doesn't mean the right answer for the business as a whole... or vice versa (and most conflict erupts when security MUST override business desire, such as when legal and regulatory compliance are in question).

  • Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, consumers, and data.
  • Serve as the main contact or adviser for local security as part of the IT security role, and for the IT business partners, infrastructure and architecture, as well as finance, HR, legal, and other staff.
  • Act as a partner with the legal, compliance, and IT resources to establish an effective working relationship that enhances the security program's effectiveness.
  • Implement the information security policies and procedures across all assigned regions or units.
  • Continuously monitor trends to anticipate and plan for the future impact of cyber risk on a specific business unit (BU) or function.
  • Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the Enterprise Information Security Team.
  • Work with BUs to align funding requirements with strategic initiatives.
  • Participate in cybersecurity and business-related councils or working groups as necessary.
  • Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture.
  • Develop an understanding of business goals and reframe risk discussions in business terms.
  • Constructively engage business partners regarding cybersecurity issues.
  • Establish risk ownership and accountability within the business line.
  • Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions.
  • Oversee, communicate, and carry out the technical implementation of security solutions required for the objectives of the business.
  • Identify and take action on all non-compliance areas for improvement, and facilitate the development and deployment of the solutions.
  • Actively engage with customers and clients to help the company achieve its objectives through representation of the security program, support for external and internal auditing, and acting as a main contact for communication in the case of a security incident.
  • Participate in company/region/unit related meetings and conferences, customer-facing engagements, and industry forums associated with the cybersecurity program.
  • Report on a regular basis on cybersecurity status across the company/region/unit of responsibility.
  • Act as the main contact for escalation of inquiries and security issues.
  • Coordinate with Crisis Management and Security Incident Response teams to help drive resolutions for incidents and assist with investigations.
  • Offer guidance for cybersecurity across regions and functions.
  • Act as a driver for remediation activities across the region/unit.
  • Develop a technical roadmap in collaboration with Cyber Security Engineering and Cyber Defense Operations teams.
  • Work with the Information Risk Management and Compliance team on policy development and regulatory compliance.
  • Help to translate and implement information security policies.
  • Coordinate Service Level Management for cybersecurity and assurance.

(To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

  • BA/BS in a business or technology related field. MBAs are an added benefit, but not required.
  • 5+-8+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
  • Experience in working with and preferably leading a global, cross-functional team.
  • Experience as a people leader.
  • Periodic travel up to 25% to Regional Wabtec facilities.
  • CISSP or CISM.
  • Work ethic: sense of ownership, ready to work on unattractive tasks/projects for the benefit of the company.
  • Resilience: not to be put down by failure / obstacles / rejection.
  • Willingness to invest time and effort into building long-term relationships with stakeholders in IT services.
  • Critical thinking: looking for improvements, not taking the way things are done for granted.
  • Ability to plan activities for oneself and others, and to understand dependencies between own work product and inputs to others.
  • Analytical ability to dissect a problem and find a root cause.
  • Be highly empathic and passionate about creating successful teams and high-trust environments. Be experienced in doing this remotely, as our teams are globally distributed.
  • Be driven towards automating repetitive tasks for project teams, project management and scrum domains.



Job Detail

  • Job Id
    JD3181496
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Secunderabad, Telangana, India
  • Education
    Not mentioned
  • Experience
    Year