What are the responsibilities and job description for the Business Information Security Officer position at Info Way?
Job Description: Business Information Security Officer (BISO)
Location: Raleigh, NC
Position Overview:
Pearson is seeking a skilled and experienced Business Information Security Officer (BISO) to join our team in Raleigh, NC. The BISO will be responsible for ensuring the implementation of effective security controls, compliance with regulatory requirements, and managing risks related to information security across Pearson's business units. The ideal candidate will have a strong background in risk management, regulatory compliance (GDPR, HIPAA, PCI-DSS), and experience with security standards such as NIST.
Key Responsibilities:
- Consult on Security Controls: Collaborate with business units to design, implement, and monitor security controls that align with organizational needs.
- Regulatory Compliance: Ensure compliance with GDPR, HIPAA, PCI-DSS, and other relevant regulations, and provide expertise in interpreting these standards.
- Employee Security Training: Develop and deliver security awareness training to employees, promoting a culture of security across the organization.
- Third-Party Risk Management: Evaluate the security risks associated with third-party vendors and partners, ensuring they adhere to Pearson's security policies.
- Security Policies and Procedures: Create, maintain, and update security policies and procedures to ensure Pearson's security posture remains strong and compliant with evolving regulations.
- Risk Assessments: Perform regular risk assessments, identifying potential security risks and recommending mitigation strategies.
- Security Incident Investigation: Investigate and analyze security incidents, identify root causes, and recommend corrective actions to prevent future incidents.
- Implementation of New Security Technologies: Evaluate and support the deployment of new security technologies to improve the overall security infrastructure of the organization.
Qualifications:
- Experience in Risk Management, including identifying and mitigating security risks across diverse environments.
- In-depth knowledge of regulatory frameworks including GDPR, HIPAA, and PCI-DSS.
- Strong familiarity with NIST security standards and their application in an enterprise environment.
- Proven track record of creating and maintaining security policies and procedures.
- Experience in conducting risk assessments and providing actionable insights to reduce security risks.
- Strong communication and collaboration skills, with the ability to work across departments and influence stakeholders at all levels.
- Ability to respond to and investigate security incidents promptly and effectively.
- Experience implementing and managing new security technologies in a large organization.
Preferred Skills:
- Certification in security management (CISM, CISSP, or equivalent).
- Experience with third-party risk management processes and tools.
- Ability to lead and conduct security training sessions for employees.
- Strong analytical and problem-solving skills to effectively manage and resolve security incidents.
Job Types: Full-time, Contract
Pay: $25.00 - $45.00 per hour
Schedule:
- Day shift
- Monday to Friday
Experience:
- Cybersecurity: 1 year (Preferred)
Work Location: On the road
Salary: $25 - $45