The Information Security Officer (ISO) acts as the interface between the technology-focused analysts, engineers and administrators in the Technology organisation and their aligned business channel. The ISO must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, and develop metrics for ongoing performance measurement and reporting. The ISO supports their aligned region/business channel by taking in business requirements, delivering back key control requirements, and helping the business achieve the required control targets and behaviours, with progress tracked through ISO scorecards. The ISO will have in-depth knowledge of the Information Security regulatory requirements affecting their aligned channel and be able to guide the channel on appropriate compliance measures.
This ISO role at Associate Director level requires an individual with an ability to work with the Technology organisation and business management to align priorities and plans with key business objectives. The ISO will act as an empowered representative of the Information Security lead during business planning initiatives to ensure that security measures are incorporated into strategic business plans. The ISO will also be responsible for working with business and Technology stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
The ISO must be able to prioritise work efforts - balancing operational tasks with longer-term strategic security efforts. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the position.
Support the Information Security lead and Head of Global Cyber & Information Security with strategic planning
Establish and maintain relationships with senior executive stakeholders as appropriate across WPFH and ISS
Support other ISOs in stakeholder relationship building and management
Support the Head of Global Cyber & Information Security with board reporting and presentations
Understand the Information Security regulatory requirements affecting their aligned channel and be able to guide the channel on appropriate compliance measures.
Support the aligned business channel in understanding the appropriate application of Information Security policies and standards
Direct an ongoing, proactive risk assessment program for all new and existing systems, and remain familiar with the business channel's goals and business processes so that effective controls can be put in place for the areas presenting the greatest information security risk
Experience and Qualifications Required
Strong leadership skills and the ability to work effectively with business managers and IT staff.
The ability to build strong relationships at all levels and across all business units and organisations, and to understand business imperatives.
A strong understanding of the business impact of security tools, technologies and policies.
Capability to work with minimal supervision.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organisation, project and application development teams, management and business personnel.
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
An excellent understanding of information security concepts, protocols, industry best practices and strategies.
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards and guidelines.
Experience with common information security management frameworks, such as ISO/IEC 27001 (published by the International Organization for Standardization), the IT Infrastructure Library (ITIL) and the NIST frameworks (for example, the NIST Cybersecurity Framework)