Overview

Summary of Responsibilities: The BISO functions as the central information security advocate for the assigned business division. They will provide cyber security risk advice and consultation to business partners; enable businesses to effectively manage risk within the company’s risk appetite and meet business objectives. The BISO will facilitate communication and execution of enterprise wide information security programs, deliver enterprise awareness training and promote corporate cyber security awareness activities. They will support the businesses risk assessment of system applications, third parties and infrastructure and validate that security and technology controls are implemented to support business requirements. In addition, they will coordinate business continuity and disaster recovery plans and lead testing of plans and other scenario based exercises. They will achieve results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types. The BISO will manage the development and/or implementation of significant or Bank-wide Technology Controls / Information Security strategies, policies, programs, tools and provide expert advice and guidance on technical solutions. They will oversee control and governance activities and identify and assess potential security risks, breaches/ exposures impacting highly complex / high risk businesses or transformational (change the bank) strategic initiatives primarily interfacing with executive and/or functional stakeholders across the Bank. The BISO is accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience.

Essential Functions:

  • Strategy and Policy Compliance – Work with LOBs to ensure cyber security related requirements and funds are included in strategic initiatives
  • Strategy and Policy Compliance – Drive cyber security specific strategic initiatives through assigned LOB areas
  • Strategy and Policy Compliance – Ensure LOB compliance to IT/Security related policies and standards
  • Strategy and Policy Compliance – Develop security policies/standards/procedures specific to assigned LOB area
  • Strategy and Policy Compliance – Assist with the adherence of information security policies, standards and procedures. Advise on deviation control alternatives, such as compensating controls, and assist with standard exception process
  • Strategy and Policy Compliance – Approve and manage exceptions to policies and standards for assigned LOB area
  • Strategy and Policy Compliance – Lead issues management activities (audit, Federal Reserve, self-identified, etc.)
  • Access Management – Develop the appropriate LOB security roles for access to Bancorp assets. Approve unique LOB access requests
  • Access Management – Coordinate and execute regular review of access for DSAs for LOB
  • Access Management – Approve elevated access (USB/CD, PC Admin, Level 1, etc.)
  • Access Management – Manage annual access review for LOB
  • Data Protection – Drive data protection strategy and initiatives through assigned LOB areas
  • Data Protection – Create and manage inventory and control of all repositories that house high risk data (PCI, PII, HIPAA)
  • Data Protection – Develop and manage DLP parameters specific to LOB areas
  • Business Continuity – Coordinate and develop business continuity and disaster recovery plans and lead testing of plans and other scenario based exercises
  • Business Continuity – Lead scenario analysis and testing specific to LOB
  • Business Continuity – Lead regular testing of high-risk applications and processes
  • Education and Awareness – Promote corporate cyber security awareness activities and implement security awareness concepts locally, customizing communications to be suitable for the business
  • Education and Awareness – Ensure 100% completion of all required security training for assigned LOB
  • Education and Awareness – Lead security-based training that is specific to LOB
  • LOB Partnership – Serve as key contributor to LOB NPBA and Change Management process and TPRM
  • LOB Partnership – Manage security exceptions to contract language during negotiation
  • LOB Partnership – Ensure compliance with policy and standards for LOB Marketing areas (communications, websites)
  • LOB Partnership – Act as point of contact for providing responses to RFP received by LOB from potential customer

Requirements:

  • Education: Bachelor’s Degree or equivalent experience and a minimum 5-9 years of prior relevant experience.
  • Advanced Information Security Certification (ISACA or equivalent). Active SANS certification in the areas of network, malware and forensic analysis (GREM, GCIA, GCFA, GCIH).
  • Technical Qualifications –
    • Advanced skills with MS-Windows and other related PC applications
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
  • Ability to interpret and apply policies and regulations across a large, complex business
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Project management experience highly desired
  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
  • Possess a working knowledge of the activities within the lines of business; in-depth banking knowledge preferred

Working Conditions:

  • Extended working hours may be required as dictated by management and business needs.
  • Travel to multiple facilities may be required.
  • May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
  • May be required to sit and review information on a computer screen for long periods of time
  • May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard
  • Corporate / satellite office role

Employer’s Rights:

This job description does not list all the duties of the job.  You may be asked by your supervisors or managers to perform other duties.  You will be evaluated in part based upon your performance of the tasks listed in this job description.

The employer has the right to revise this job description at any time.  This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.