The Information Security Officer (ISO) will be part of a team of ISOs responsible for ensuring the security of the business and functional teams in line with company security policy and risk tolerances. The ISO will be aligned to Global Cyber Security as part of the Global Governance, Risk, and Compliance team.
This role will report directly to the Senior ISO Global Technology Services.
This role will be based in Poland.
What you will be responsible for:
The ISO is a trusted adviser to the BU Leadership to help drive remediation actions. The ISO will be critical personnel for the effective engagement of Information Technology and Business leadership to embed security into their strategic and tactical plans. This ability helps the ISO drive the implementation of security requirements within the overall business unit. The ISO will also be expected to drive innovation within the business through enhancements to educational learning opportunities for the business. Lastly, for continued expertise in the role, this position will be required to stay abreast of new and upcoming security trends within the industry. This will provide additional support to the Senior ISOs.
- Influencing actions without authority to achieve security outcomes.
- Actively promote and deliver on the ISO program and its mission.
- Collaborate with Global Cyber Security and business partner teams to ensure alignment in addressing security policies in their products and services.
- Create visibility through effective metrics and reporting.
- Participate actively in decision making with engagement management and seek to understand the broader impact of current decisions.
- Create and deliver effective presentations as a means for communicating project and deliverable progress.
- Build and nurture positive working relationships with clients with the intention to exceed client expectations.
- Ability to give presentations at all levels and diverse audiences.
- Work cross-functionally with team members to support and enhance a collaborative environment.
- Positioning security within the business with the ability to communicate in non-technical terminology.
- Manage the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
- Partner with BU Leadership to identify, evaluate, and address cyber security risks.
- Ensures and monitors security compliance with industry and government rules and regulations.
- Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Report security performance against established security metrics.
- Promote the information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.
- Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns by end users so that policy can align with need.
- Operate as the primary intake point for BU and Global Cyber Security communication.
- Delivery of effective security outcomes that drive improvements of security within the business.
- SMART mechanisms that symbolize success of Security adoption within the BUs.
- Development of forum-based security communication channels.
- Reach target KPI success metric goals.
- Operate at the BU Leadership dotted line level.
Other key relationships:
- Information Security Officers
- Business and Functional Technical Leaders
- Cyber Transformation Office
- Collaboration with 3LOD – Compliance, Risk Management, Corporate Audit
- Regional CISO
Education & Preferred Qualifications
- Business-level spoken English is a must.
- 7+ years of experience in information security, preferably in a risk management capacity.
- Project Management experience leading small and medium-sized teams to successful completion.
- Modern technical understanding and experience developing and implementing innovative techniques for delivering cost-efficient security solutions.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to effectively influence others to modify their opinions, plans, or behaviors.
- Ability to react to high-pressure, dynamically changing environments.
- Nice to have: Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM)
- Highly regulated environment experience, preferably financial services.
- Bachelor’s degree in a technical field.
Critical Leadership Capabilities
- Driving results
- Strategic Thinking
- Collaborating & Influencing
- Change Management
- Senior Executive communication