The Lead BISO will report to the Group CISO; jointly they will deliver the defined security strategy, ensuring continuous improvement in both security and risk posture as well as the delivery of security services and the security change portfolio. The Deputy CISO will attend governance committees, at all levels in the organisation, on behalf of the CISO as and when required, and as such will need to be able to demonstrate technical depth, risk management capabilities and effective stakeholder management.
Working as the Lead BISO you will have strategic ownership of business- and client-facing security capabilities. The role will lead on embedding security practices across technology and the wider organisation as well as embedding an “enabling” culture. This includes designing a structure to support all lines of business horizontally, developing both in-depth technical security support for application teams and commercially aware security advisors with high levels of business intimacy.
The Lead BISO will have in-depth knowledge of all Security functions and will be able to demonstrate a deep understanding of security domains such as Cyber Defence and Cyber Offence, enabling them to both lead and guide the team, as well as effectively challenge the Security “Run” services on behalf of the business.
The Lead BISO will also own the delivery of a programme of work covering regular and mandatory reporting of control effectiveness for external parties, including SoX and SOC2, as well as the relationship with external auditors from a cyber security perspective. Demonstrable awareness of the changing regulatory environment and geographic considerations is essential, as this will inform strategic decisions.
This role is part of the Information & Cyber Security Leadership Team and resides within Corporate IT, reporting to the Global Chief Information Security Officer.
The Role
Responsible for overseeing and coordinating, at a day-to-day level, activities for the team that will provide the following operational services and teams:
• Business-facing security enablement
• Application security support
• Country-specific security support
• Security awareness and communication
• Control testing in support of regulation and audit
• Client-facing security subject matter experts
Additionally, as required, provide oversight and leadership of the wider security services and team, including the ability to lead, direct and manage across both security and technology during a major cyber incident in a calm and authoritative manner.
Collaborate with peers across Technology and the wider enterprise, as well as within Information and Cyber Security, to facilitate the effective operation and improvement of the function as a whole.
Effectively manage key senior stakeholders, including at Business Executive and Board level.
Lead the Cyber Security programmes of work redefining security culture and cyber resilience, as defined within the security strategy.
Act as a key individual in determining the technical security strategy in partnership with enterprise architecture and communicating with a broad range of senior stakeholders.
Represent the business and client to ensure that all change is supported, enabling business growth in a risk-reducing manner.
Provide reporting on key performance indicators and Governance meetings.