Information Security Business Partner

Job Description

Personality:

• Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
• Must have good meeting management and communication skills to keep conversations focused and productive.
• Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
• Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.

Skills:

• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
• Strong understanding of mitigation methodologies and our responsibility as a company to adhere to regulatory requirements pertaining to information security, privacy and/or data security.
• Experience leading through others and rolling out new security controls or programs
• Solid working knowledge of information security concepts and controls.
• Excellent project management skills, with the ability to work within deadlines, juggle multiple priorities, design project plans, and provide project updates.
• Ability to work independently with little direction and/or supervision.
• Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
• Keen attention to detail with the ability to correct on the fly and work independently.
• Solid interpersonal and verbal/written communication skills.

Education and Experience:

• Bachelor’s Degree or equivalent experience and at least 5-8 years of directly related experience.
• Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA, ITAR, EAR and similar IT Compliance and Privacy regulations.
• Experience with NIST, ISO and other industry standards.
• Expert user of Microsoft/Google Suite and an eGRC tool.

Other Qualifications:

• Must be a U.S. citizen or U.S. permanent resident.
• Professional certification (CISSP, CISA, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.

Google Form Information

Justification: Why do you need this role? What is the impact? Complex structure and requirements of team/position.

The ISBP is a key part of our Information Security and Governance, Risk, and Compliance (GRC) teams. The person in this role will function as a central Information Security subject matter expert supporting the company teams. They will provide cyber security advice to business partners to effectively manage risk to the business and will validate that security and technology controls are implemented to support business and security requirements.

What are the main responsibilities that your new hire will have?

– Partner with Business Units to identify, analyze and mitigate security risk associated with activities executed throughout the company business.

– Provide security consultation for new and ongoing enterprise initiatives.

– Consult on defining security policies and best practices.

– Educate and build awareness of security requirements.

– Improve compliance with security standards and policies across enterprise teams.

– Participate in testing and monitoring of security and privacy controls executed by the company

– Lead security enhancement projects focused on new or changing technologies.

– Publish executive-level security reporting across governance, risk, and compliance activities.

– Other responsibilities as assigned.

What will this candidate do in the first 90 days on the role and how will you define a candidate’s success?

In the first 90 days, the ISBP will learn company security policies and GRC procedures that will empower them to act as the security subject matter expert. They will also begin attending project meetings and interacting with leadership within the company teams to ensure security is considered at all levels of the department. If security assessments are necessary, they will begin interacting with the teams in order to perform the evaluation of the security posture of the environment and coordinate any remediation requirements.