Business Information Security Officer

**What success looks like in this role**:
Responsible for the development, adoption, compliance, and governance of the security strategy, roadmap, and policies that are aligned to the organization’s overall security objectives within a Business Unit (BU).
The BISO is a senior leader who is the single point of contact for information security related matters within the business unit. The BISO works closely with the BU leader and is a member of the BU senior leadership team. The BISO informs, tracks, communicates, and manages security, risk, and compliance of the BU as it relates to the CISO’s overarching program. The BISO is also responsible for managing the security requirements of the BU product and service offerings. The BISO bridges the BU to the CISO and is held accountable for the cybersecurity outcomes within the BU.
- Responsible for maintaining an inventory of BU cyber risk, vulnerability remediation status, policy violations, endpoint alerts, cybersecurity training, security exception requests, and security architecture for their respective service offerings.
- Responsible to ensure compliance to policies in the BU and to report to the CISO organization on a set of KPIs as defined by the CISO on behalf of the BU.
- Coordinate the BU cyber requirements and compliance for things such as pen-testing, audits, or the procurement of cyber security technologies that may be required uniquely to support their business unit.
- Accountable for the security health and risk state of the BU.
- Develops executive level intelligence briefing structure and drives implementation of actionable intelligence based on the accepted risk strategy.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with Cybersecurity policies.
- Monitor and evaluate the effectiveness of the division's cybersecurity safeguards to ensure that they provide the intended level of protection to Unisys and to the customers.
- Ensure that Security requirements specific to customer projects and implementations are included in all phases of the system life cycle.
- Consult with BU Architecture, design and development team handling customer projects to ensure that Unisys security policies and guidelines and followed as well as customers’ security requirements.
- Engage with the CSIO Threat Intelligence Security Incident Response Process team to properly address and manage cybersecurity incidents or vulnerabilities in the BU.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during scans, risk assessments, audits, inspections, etc.
- Advise senior management on cost/benefit analysis of information Security programs, policies, processes, systems, and elements
- Be the face of Security within the BU for any internal, external or customer audits
- Understands the BU business, strategy, and information security requirements.
- Works closely with CSIO, IA and legal teams to improve the security posture, compliance, and risk management for each business unit.
- Promotes information security technology strategy and roadmap across each business unit. Brings requirements and drivers to the enterprise Information Security Risk Management team to influence the development of the information security strategy and roadmap.
- Provide periodic measurements and KPIs on the implementation of security policy within the BU to the CISO.

**You will be successful in this role if you have**:

- Bachelor’s Degree or equivalent experience
- 15+ years broad and diverse experience across cybersecurity strategy, compliance, operations, security architecture, vulnerability management, and cloud security
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
- Experience across multiple industries with expertise handling regulatory issues and risks
- ISACA CRISC or CISM, (ISC)² CISSP or CISSP-ISSMP certifications are a plus
- Experience overseeing and executing highly complex, cross-organizational initiatives within a large enterprise setting
- Ability to build relationships, influence and drive outcomes across multiple stakeholder groups
- Ability to effectively present complex technical topics to non-technical and technical audiences
- Project management experience highly desired
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregna