Business Information Security Officer

About This Role

The Business Information Security Officer acts as the second-in-command to the CISO, strategically linking business divisions with Information Security & Technology teams. This role ensures security practices align with business objectives and provides leadership in security oversight.

Responsibilities

• Act as the primary point of contact between business divisions and the Information Security function
• Understand division-specific processes, technologies, and operating risks to proactively identify security needs and opportunities
• Translate security and regulatory requirements into actionable recommendations that support business goals without undue complexity
• Partner with business leaders to embed security considerations into strategic initiatives, vendor engagements, and product planning
• Support risk assessments, control reviews, and mitigation plans across assigned business areas
• Monitor and escalate security risks, vulnerabilities, and compliance gaps to the CISO and appropriate governance committees
• Support third-party risk assessments, ensuring vendor relationships meet required security standards
• Assist in the development and refinement of bank-wide policies, standards, and procedures
• Support division-specific security training, including phishing, data protection, incident response roles, and regulatory compliance
• Support the CISO and Incident Response Team during security incidents, ensuring clear communication, coordinated action, and proper documentation

Requirements

• Bachelor’s degree in information security, Information Technology, Business, or related field
• Minimum of 10 years of experience in information security with leadership in security roles
• Minimum of 7 years of experience in risk management, IT governance, or related fields
• Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001), regulatory requirements (GLBA, FFIEC), and risk management practices
• Exceptional communication skills with ability to explain technical concepts in business terms
• Demonstrated ability to build relationships, influence stakeholders, and drive alignment
• Analytical and strategic mindset with strong problem-solving capabilities

Qualifications

• Bachelor’s degree in information security, Information Technology, Business, or related field required; Master’s degree preferred.
• Minimum of 10 years of experience in information security, with a proven track record of leadership in security roles, and minimum of 7 years of experience in risk management, IT governance, or related fields.

Nice to Have

• Master’s degree
• Experience working within banking and/or financial services or other regulated industries

Skills

* Required skills

Benefits

Certifications