Business Information Security Officer

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at:

It’s not just about your careeror your job title it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters do things that haven’t been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.
- Summary:_

The Enterprise Information Security team is looking for a highly motivated Business Information Security Officer (BISO). This role serves as the primary point of contact between the cybersecurity function and their assigned business unit(s), region, service line, platforms(s), and/or corporate function. The BISO is responsible for maintaining a strategic relationship with the specific business unit or function that they are aligned to. This is usually done to ensure that cybersecurity is incorporated into the culture of the enterprise/organization/business unit in question.

The BISO manages the business and security experience, both internally and externally. Within the organization, the BISO serves as a first-point of escalation for commonplace cyber security concerns. Externally, the BISO sees to it that partners and other third-parties enjoy working with the security team; that third-parties do not report meeting unfriendly, unhelpful or incomprehensible employees. In essence, a BISO provides ‘white glove service’ and ensures that everyone has a positive experience while working to address security concerns.
- Duties and Responsibilities:_
- Ask the right questions. A BISO must be naturally curious and even a little suspicious of everything at face value, and get below the surface to a problem or request.
- Be an information broker. Adopting a researcher's mindset, particularly when resolving problems. I hoard references, working notes, and lessons learned, and make a habit of sharing those with others when it's appropriate and most relevant. You don't have to have all the answers, but you do need to know where to find them, and who should be looped into a problem to best resolve it. Sometimes asking for help and bringing in other expertise is the answer, too
- Be biased towards action ("_Audentes Fortuna Juvat_"). This Latin phrase is popular amongst military units, and translates to "Fortune Favors the Bold." BISOs are delegated authority by senior management for a reason - their expertise and judgment are depended upon to support risk decisions. Make sure I can justify my actions and back up my decision-making with authoritative references.
- Seek harmony in conflict If there's any constant for leaders, it's having your decisions challenged. BISOs need conflict resolution skills, and the ability to seek unemotional resolutions to challenges that find consensus and bring people to the table to find common ground. There may be times where the right answer for security doesn't mean the right answer for the business as a whole... or vice versa (and most conflict erupts when security MUST override business desire, such as when legal and regulatory compliance are in question).
- Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, consumers, data, and customers.
- Serve as the main contact or adviser for local security as part of IT security role and the IT business partners, infrastructure and architecture as well as finance, HR, legal, and other staff.
- Acts as a partner with the legal, compliance, and IT resources to establish an effective working relationship that enhances the security program effectiveness.
- Implementation of the information security policies and procedures across all assigned regions or units.
- Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
- Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the Enterprise Information Security Team
- Work with BUs to align funding requirements with strategic initiatives
- Participate in cybersecurity and business-