Business Information Security Specialist- VP

The Business Information Security Specialist serves as a key advisor and liaison between security, technology, and business units, ensuring robust risk management and compliance strategies. This role combines deep cybersecurity expertise with strong communication and consulting skills to drive risk awareness, governance, and business-aligned security initiatives.

Working closely with business leaders and risk teams, this individual translates complex security risks into actionable insights, fostering informed decision-making across technology and operations.

Key Responsibilities

Security Governance & Compliance

• Develop, implement, and maintain security governance frameworks tailored to business needs.
• Lead security briefings and updates for key business stakeholders.
• Ensure compliance with relevant security regulations, industry standards, and legal requirements.
• Evaluate business initiatives to confirm alignment with security policies and risk management strategies.
• Provide expert guidance on security policies, standards, and procedures.
• Act as the primary security liaison during regulatory audits and compliance reviews.
• Present key risk indicators (KRIs) to business leaders to enhance risk visibility and awareness.

Risk Management & Business Engagement

• Serve as the main security point of contact for business units, embedding security into enterprise initiatives.
• Conduct regular risk assessments and provide strategic updates to senior leadership.
• Coordinate business involvement in security incidents to ensure effective response and resolution.
• Promote risk-aware decision-making, ensuring business units actively identify and escalate security risks.
• Provide data-driven insights to measure and mitigate security risks within business operations.
• Lead discussions to enhance security processes and reduce business risk exposure.

Strategic Security Consulting

• Analyze evolving threats and provide expert cybersecurity guidance to business leaders.
• Advocate for enterprise risk management, regulatory compliance, and security best practices.
• Align security strategies with business goals to optimize risk management.
• Collaborate with technology teams to integrate security into business processes, projects, and operations.
• Conduct security audits, assessments, and assist with remediation efforts.

Security Awareness & Culture

• Implement training initiatives to reduce security risks and enhance employee engagement.
• Identify risk reduction opportunities and promote continuous security improvements.
• Represent Enterprise Security as a strategic business partner and risk management leader.

Qualifications & Experience

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related field (or equivalent experience).
• 8 years of experience in cybersecurity roles.
• 6 years of experience in risk management.
• 5 years of experience communicating complex security topics to executive leadership.
• 5 years working with security and risk frameworks such as ISO 27001, NIST CSF, and COBIT 5.
• 5 years of experience bridging the gap between business and technology teams.
• 5 years of security experience within the financial services industry.

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified Risk and Information Systems Control)