TOP MUST HAVE SKILLS:
- Current or prior experience as a Business Information Security Officer (BISO)
- Information Security experience with one or more of the following:: security program management, metrics capture and analysis and technology expertise.
- Supporting the design and implementation of information security programs
Support the Business Information Security Partnership (BISP) Directors within Global Information Security (GIS) organization and their assigned products & platforms, while serving as the trusted advisor. The BISP Manager role will support the BISP and liaise on a tactical level between the product & platforms teams and Global Information Security (GIS), keeping clear lines of communication including but not limited to; transparency to the product & platforms on upcoming security initiatives, reporting of security risks to product & platform leader, and the GIS sub-functions. In addition, this role will ensure business compliance with the GIS Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.
In supporting the BISP Directors, the incumbent will use their experience and knowledge of information & cyber security as well as their process management, negotiating, influence and problem-solving skills to understand security technology lifecycles and objectives; further, to translate them into mutually beneficial business strategies for their product & platforms clients.
5 years relevant work experience including:
o 3 years in information security that includes security program management, metrics capture and analysis, and technology expertise.
o 2 years supporting the design and implementation of information security programs
o 2 years supporting implementing enterprise security risk management frameworks and processes
Bachelors degree in Computer Sciences or related field or equivalent experience/certification
Preferred:
Experience with securing cloud environments (AWS, Google, Microsoft, Alibaba, etc.)
Experience working in an Agile environment
Knowledge of DevSecOps | application security
Understanding and experience with at least one industry security standard/framework including NIST CSF, NIST 800-53, ISO27001, CSL, and PCI DSS
Understanding of key network and technical security controls
Knowledge of global regulatory standards to include GDPR, CCP, etc.
Ability to demonstrate security experience via certifications (Security , CISSP, CISA, CRISC, CISM, etc.) or significant career accomplishments in technology
Ability to apply organizational information security policies at a product & platform squad level
Strong negotiating, influencing, and problem resolution skills in a high-pressure environment
Knowledge of business environment, service requirements, and hospitality culture