Director, Business Information Security Officer

Job Summary

The Director, Business Information Security Officer is responsible for providing leadership and operational oversight in safeguarding enterprise information assets. This role is pivotal in delivering the services for information security assurance across third-party suppliers, business applications, cloud platforms and other core technologies, as well as the development and delivery of solutions for the protection of information assets.

As a senior member of the information security team reporting to the CISO, this role leads a team that serves as the key interface between the business, IT, and information security – driving the identification, evaluation and prioritization of information security risks and measuring the progress of the overall information security program through benchmarking and metrics. The position also acts as a trusted representative of the CISO in the delivery of security training & awareness to the organization and contributes to the evolution of the enterprise-wide information security program.

Job Description

The Director, Business Information Security Officer leads a team in identifying and managing information security risks through assessments and cybersecurity risk management processes and owns services for both security awareness & training and information protection. The Director works with and coordinates across business functions, compliance teams, IT, and shared services groups. The Business Information Security Officer’s core responsibilities include :

• Lead cross-functional initiatives to establish and mature cybersecurity risk management processes in collaboration with business and IT colleagues.
• Deliver security assurance services for third-party suppliers, cloud services, and business technologies.
• Manage and mentor a specialized team focused on cybersecurity risk management, cybersecurity assurance, awareness & training / phishing awareness, and information protection.
• Support the CISO in development of an information protection strategy to protect sensitive data from loss, leakage, or unauthorized exfiltration.
• Execute against the information protection strategy through implementation and management of services for information protection, leveraging data loss prevention (DLP) and data security posture management technologies in partnership with business, information security, and IT colleagues.
• Conduct periodic assessments of information handling practices and work with colleagues to classify and identify vital information and apply controls that mitigate risks.
• Monitor emerging threats and regulatory changes related to information / data protection.
• Support the CISO in establishing and reporting on metrics for key risk indicators (KRIs) and key performance indicators (KPIs) that measure the effectiveness of the information security program.
• Conduct periodic benchmarking to assess information security maturity and recommend enhancements.
• Develop and communicate training and awareness on security best practices throughout the organization.
• Manage the ongoing delivery of phishing campaigns and responses to phishing alerts in coordination with the cybersecurity operations team.
• Remain current on information security frameworks, guidance, best practices, and regulatory requirements impacting the pharmaceutical industry.
• Collaborate deeply with peers in Security Operations and Information Security Architecture, taking an integrated approach to managing and reducing cyber risk across the organization.

Qualifications / Required

Knowledge / Experience and Skills :

Educational Qualifications