Business Information Security Officer (BISO)

The Business Information Security Officer (BISO) plays a pivotal role in collaborating with a select group of small to medium-sized business (SMB) clients to strategically guide and oversee their information security initiatives. This involves offering on-demand BISO services tailored to the unique needs of these clients.
The comprehensive information security program provided to our clients encompasses an array of essential services, including:
Information security leadership
Risk management
Security governance
Compliance alignment
Security monitoring and reporting
Security architecture and technology
Incident response and management
Vendor risk management
Security awareness and training
The ideal candidate for this position should possess a strong technical background, expertise in security and compliance, excellent customer-facing skills, and an executive presence that instills confidence. This role involves not only technical proficiency but also effective communication and leadership to guide SMB clients in safeguarding their information assets and maintaining a secure digital environment.
Responsibilities:
Gain a deep understanding of the business environments and compliance requirements of assigned clients.
Collaborate with client executives to create and develop robust cybersecurity programs.
Establish trusted relationships with executives to enhance the effectiveness of governance, risk, and compliance efforts.
Effectively manage IT risk in alignment with business objectives.
Assist clients in reducing risk exposure and enhancing their compliance status to meet regulatory mandates.
Aid clients in aligning with various compliance frameworks, including ISO27001, SOC2 Type2, CMMC, HIPAA, PCI, and others.
Conduct security assessments and deliver comprehensive results presentations.
Conduct annual security ceremonies, such as risk assessments, tabletop exercises, and third-party audits.
Offer security guidance and leadership to both internal GXA IT teams and client IT teams, ensuring that controls are implemented in accordance with the client's security program.
Proactively anticipate forthcoming security and compliance challenges.
Prepare for and conduct Information Security Review meetings.
Conduct research to identify security enhancements and provide informed recommendations.
Stay current on emerging information technology trends and evolving security standards.
Foster and maintain a positive rapport with clients, consistently striving to deliver the highest level of service.
Key Accountabilities:
Effective Risk Management: Ensuring assigned Clients’ information security risks are identified, assessed, and mitigated to an acceptable level.
Enhanced Security Posture: Improving the overall security posture of assigned Clients by implementation of robust security controls, policies, and procedures.
Compliance Adherence: Guiding, advising and helping assigned Clients comply with relevant laws, regulations, and industry standards, such as GDPR, HIPAA, ISO 27001, or NIST.
Cybersecurity Incident Response: Developing and implementing an effective incident response plan to minimize the impact of security incidents and breaches.
Security Awareness: Helping clients promote a culture of security awareness among employees, reducing the risk of human error and social engineering attacks.
Vendor Risk Management: Working with assigned Clients to manage and assess the security risks associated with their third-party vendors and suppliers.
Data Protection: Helping Clients identify and safeguard their sensitive data and ensuring data privacy through encryption, access controls, and data loss prevention measures.
Build strong client relationships: Meet and engage with clients regularly and build strong business relationships.
Inspired standards: Develop and maintain discipline, excellence and workmanlike diligence to produce sustained results.
Make serving clients fun: Be engaged, energetic, creative and fun to work with.
Inspire our clients: Show our clients what’s possible through InfoSec. Open their minds up to the possibilities as they work to reduce CyberRisk in every facet of their business.
Requirements
CISSP certification or an equivalent credential is mandatory.
Prior MSP or MSSP in similar role or experience overseeing multiple clients is required.
Strong IT background and skills.
Exceptional communication abilities and executive presence are essential.
Possessing a bachelor's degree in computer science is a desirable qualification.
Exhibiting high levels of energy and a determined drive is imperative.
Capable of handling multiple tasks and adept at adapting swiftly to changing circumstances.
Self-motivated and able to excel in a fast-paced working environment.