Alvarez & Marsal

Description

Business Information Security Officer – Job Description

With the growth of the business globally we are expanding our Global Security Office (GSO) and are looking to recruit a Business Information Security Officer to join the team in London. Reporting to the Chief Security Officer, you will come from an Information Security background with experience of serving as a trusted BISO to mid-large sized organisations.

Role Summary

The BISO provides leadership, executive support, and strategic and tactical guidance for the cybersecurity program supporting enterprise security initiatives. As a business enabler, the BISO is an effective communicator with the technical aptitude to drive security fundamentals into aspects of the business. 

The BISO must be capable of working closely with senior management, third parties, project managers and business subject matter experts (SMEs). Additionally, the BISO should be personable and able to translate business leader requirements to augment the security program / roadmap. The BISO role requires a technical background and ability to understand technologies, their purpose, and their security requirements and data protection needs, wherever they reside. The BISO should also understand threats, as well as risk mitigations and technical controls recommended by security leaders.

Role Responsibilities

• Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle.
• Act as a trusted point of contact across business units.
• Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
• Be actively informed and engaged in security projects across the business.
• Enforce the strong security culture set forth by the CSO, ensuring uniformity across security leadership, business units and employees.
• Foster strong relationships with internal business units and excel in cybersecurity communication.
• Advise business units on enterprise-wide people, process and technology security recommendations.
• Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
• Provide motivation to business units to adopt cybersecurity controls.
• Remove complexity and obstacles that hinder efficient security controls enterprise-wide.
• Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure and applications.
• Stay abreast of new laws, regulations and standards, and assess their impact to the business.
• Verify security content training initiatives and internal/external communication are conducted regularly.
• Openly support the CSO, management team and executive leadership, even during tumultuous times.
• Perform other duties as assigned.

Key Skills

• Strong written and verbal communication skills across all levels of the organization.
• High level of integrity, trustworthiness and confidence, and able to represent the company and security leadership with the highest level of professionalism.
• Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
• Strong project management, multitasking and organizational skills.
• Ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach mutually beneficial outcomes.
• Able to attain and preserve credibility with the team through sustained industry knowledge.
• Applicable knowledge of national and global cybersecurity policies, regulations and security frameworks.
• Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.

Experience Requirements

• Some experience of cybersecurity or information technology project management.
• Some experience of related security systems administration (preferable).
• Extensive experience of cybersecurity and/or information technology experience.
• Preferable, but not required: CISSP, CISM, CRISC, CISA
• Bachelor's degree in business administration, information assurance or related technical field.

Diversity & Inclusion

A&M’s entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M’s core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.

Equal Opportunity Employer

It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. Employees and Applicants can find A&M policy statements and additional information by region here.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening and in alignment with our Inclusive Diversity values. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.