Business Risk and Security Officer
- Job Title
- Business Risk and Security Officer
- Job ID
- Detroit, MI
- Other Location
The Business Risk & Security Officer (BRSO) functions as the security liaison within their area of responsibility. This role will have a dual reporting structure, with direct-line reporting into the Deputy CISO and dotted-line reporting into the business unit CIO, and is responsible for ensuring that the specific business appropriately aligns with the business area risks and the Information Protection & Risk Management (IPRM) Information Security Program.
The BRSO team members assist in the review, development, testing and implementation of security plans, products and control techniques, including enhancement of existing processes and service offerings. The BRSO serves as the trusted advisor, both to the business unit and to the Deputy CISO. This role will liaise between the business unit and IPRM, communicating on upcoming security initiatives and reporting on security risks to the CISO and appropriate committees. The BRSO will also participate in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, and developing external and internal message points. In addition, this role will partner with business line risk teams to ensure the business line maintains adherence to Information Security and Information Technology Policies and Standards through continuously monitoring and reporting on risks and documented exceptions.
- Oversee the execution of Information Security Risk Management practices across each area of responsibility to include transparent reporting of risks and remediation plans at the business unit level and overseeing the integration of security risks within the enterprise operational risk framework.
- Support the execution of the Information Security Standards across all applications and systems within each Business Unit.
- Promote corporate cyber security awareness programs and the implementation of security awareness concepts locally, customizing communications to be suitable for the business.
- Support the Business Unit and Deputy CISO in seeking appropriate solutions to manage business objectives and costs while achieving security goals.
- Provide input into the Enterprise Information Security Program.
- Review and provide input into the Information Security Policy and Standards.
- Ensure clear lines of communication between Business Unit CIOs and the Chief Information Security Officer.
- Ensure reporting is established on the state and efficacy of security controls for the business unit projects and platforms.
- Ensure ongoing security support for projects, and evangelize security awareness across the Business Unit.
Key Success Criteria
- Increased levels of security across designated Business Unit.
- Increased rates of IT risk identification.
- Improved compliance with security standards and policies across Business Unit teams.
- Greater awareness of information security requirements.
- Adoption of Enterprise Information Security Standards throughout the business environment.
- Bachelor's degree in Information Security or relevant field of study; heavily preferred: CISSP or CISM.
- Desired 5 to 10 years or more of progressive experience in an information security or related role.
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.
- Experience in vulnerability assessment, security incident response, and application security.
- Evaluating threats/risks posed by new technologies spanning networks, hardware, software, etc. Understanding of how to analyze and respond to advanced cyber threats, technology risk and the motivation/attack vectors of each threat.
- Experience in implementation of information security strategy, including compliance with industry best practices and regulatory requirements.
- Excellent verbal and written communication skills.
- Ability to communicate with business leaders, users and tech-savvy stakeholders.
- Create and analyze reports for a diverse group of stakeholders.
- Ability to take ownership of an initiative/issue through completion.
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and data security.
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams.
- Ability to interpret and apply policies and regulations across a large, complex business.
- Analytical aptitude with an emphasis on investigative, methodical and critical questioning and logical thinking; a data-driven decision maker.
- Ability to coordinate across teams, create project and action plans, and determine required resources to get a job done.