Business Information Security Officer (BISO)

• Ensuring our security awareness program meets all industry regulations, standards and compliance requirements.
• Ensure that our security awareness program clearly communicates our security policies and requirements that people know, understand and adhere to them.
• Identify top human risks to our organization and the behaviours we need to change to mitigate these risks. Develop and maintain a security awareness program that effectively changes these behaviours so our employees act in a secure manner, reducing the most risk to our organization.
• Create a positive program that engages employees, to include focusing on changing behaviours both at home and at work. Secure behaviour should be demonstrated regardless of location and devices in use.
• Structure and maintain this program for the long term, aiming to change culture and not just behaviours.
• Create a metrics framework that can effectively measure these requirements.

Key Decisions within the Role

• Accountable for identifying and solving problematic behaviors.
• Implement the internal security awareness & training program.

Team

• Direct accountability for security awareness.

Requirements

Experience

• Bachelor’s degree in information technology, computer science, or a related field.
• Ability to form complex messages/communications in a simple, clear and concise manner to the various communities within the organization. This can include different cultures, nationalities, and international locations.
• An understanding of the concepts of information risks and the different elements that make up said risk.
• Project management experience is a plus, the ability to plan, manage and maintain a complex, organization-wide program over the long term.
• An understanding of Third Party Information Security Assessments (TPISA) is a plus.
• Meticulous where budgeting is concerned.
• Ability to work independently and as part of a team.