Business Information Security Officer - Technology Risk in Charlotte, NC at Vaco

Date Posted: 8/9/2018

Job Description

Business IT management professionals, take your career to the next level by bringing your technical and leadership expertise to some of the nation's top companies. Let Vaco serve as your advocate in presenting you to clients who are looking for IT Managers. Our recruiting staff gives you an advantage over your competition by promoting your strengths and assets directly to hiring managers while helping you to be more prepared for your interviews.

From keeping you up to date on market trends and industry expectations, to providing you with valuable insight into the company's culture, compensation expectations and growth opportunities of specific clients, Vaco will give you the edge you need in today's highly competitive job marketplace. If you have a strong technology and leadership background and are ready for a rewarding new challenge, let Vaco help you to make it happen. Apply today!

Position Description

The Business Risk & Security Officer (BRSO) functions as the security liaison within their area of responsibility. This role has a dual reporting structure, with direct-line reporting to the Deputy CISO and dotted-line reporting to the business unit CIO, and is responsible for ensuring that the specific business appropriately aligns with the business area risks and the Information Protection & Risk Management (IPRM) Information Security Program.

The BRSO team members assist in the review, development, testing and implementation of security plans, products and control techniques, including enhancement of existing processes and service offerings. The BRSO serves as the trusted advisor, both to the business unit and to the Deputy CISO. This role will liaise between the business unit and IPRM, communicating on upcoming security initiatives and reporting on security risks to the CISO and appropriate committees. The BRSO will also participate in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, and developing external and internal message points. In addition, this role will partner with business line risk teams to ensure the business line maintains adherence to Information Security and Information Technology Policies and Standards through continuously monitoring and reporting on risks and documented exceptions.

Job Responsibilities

Oversee the execution of Information Security Risk Management practices across each area of responsibility to include transparent reporting of risks and remediation plans at the business unit level and overseeing the integration of security risks within the enterprise operational risk framework.

Support the execution of the Information Security Standards across all applications and systems within each Business Unit.

Promote corporate cyber security awareness programs and the implementation of security awareness concepts locally, customizing communications to be suitable for the business.

Support the Business Unit and Deputy CISO in seeking appropriate solutions to manage business objectives and costs while achieving security goals.

Provide input into the Enterprise Information Security Program Review and provide input into the Information Security Policy and Standards.

Ensure clear lines of communication between Business Unit CIOs and the Chief Information Security Officer.

Ensure reporting is established on the state and efficacy of security controls for the business unit projects and platforms.

Ensure ongoing security support for projects, and evangelize security awareness across the Business Unit.

Key Success Criteria

Increased levels of security across designated Business Unit.

Increased rates of IT risk identification.

Improved compliance with security standards and policies across Business Unit teams.

Greater awareness of information security requirements.

Adoption of Enterprise Information Security Standards throughout the business environment.

Bachelor's degree in Information Security or relevant field of study heavily preferred.

CISSP or CISM desired.

5 to 10 years or more of progressive experience in an information security or related role.

High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.

Experience in vulnerability assessment, security incident response, application security.

Evaluating threats/risks posed by new technologies spanning networks, hardware, software, etc.

Understanding of analyzing and responding to advanced cyber threats, technology risk and the motivation/attack vectors of each threat.

Experience in implementation of information security strategy, including compliance with industry best practices and regulatory requirements.

Excellent verbal and written communication skills.

Ability to communicate with business leaders, users and tech-savvy stakeholders.

Create and analyze reports for a diverse group of stakeholders.

Ability to take ownership of an initiative/issue through completion.

Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and data security.

Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams.

Ability to interpret and apply policies and regulations across a large, complex business.

Analytical aptitude with an emphasis on investigative, methodical and critical questioning and logical thinking; a data-driven decision maker.

Ability to coordinate across teams, create project and action plans, and determine required resources to get a job done.