PCL Information Security Officer (BISO)

Title: PCL Information Security Officer (BISO)
Location: Fort Lauderdale office, hybrid. May occasionally go to Miami office
25% Travel, to the ports, other locations in US
Duration: Direct Hire
Compensation: 170 to 180k plus bonus
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.

Skillset / Experience:
PCL Information Security Officer (BISO) plays a critical role in safeguarding PCL's information assets, ensuring compliance with security policies, and mitigating potential risks. It also involves overseeing and implementing security initiatives at the brand level that come from the Office of CISO. This entails aligning Brand IT activities with corporate security objectives, addressing brand-specific risks, and guiding Brand IT on security domains requirements. The BISO is also responsible for reporting compliance with these requirements to the Global CISO and Brand Executives.
Essential Functions:

• Prioritize, oversee, and manage security and compliance related projects and business-as-usual activities in the brand, ensuring successful execution and reporting. These projects and activities span across Identity and Access Management, Governance Risk and Compliance, Security Architecture, Maritime Safety, Infrastructure Application and Data Security, and Threat Management.
• Resource Allocation: Proposing and allocating funds for security tools, software, and hardware to protect the company's information assets.
• Risk Management: Budgeting for risk assessments, penetration testing, and other security assessments to identify vulnerabilities and mitigate risks.
• Compliance: Proposing and allocating funds for compliance efforts to meet legislative and regulatory requirements related to information security.
• Continuous Improvement: Allocating funds for ongoing security improvements, such as security updates, patches, and upgrades to existing security infrastructure.
• Policy and standards adherence: Ensure that the brand IT adheres to corporate security policies, standards, and guidelines, and develop brand-specific security policies when necessary.
• Ensure compliance with relevant industry standards, regulations, and legal requirements related to information security
• Team management: Ensure that sufficient resources are allocated to the Brand for security, meeting the security requirements of the Domains.
• Plan and provide essential training to the core security team at the brand, fostering effective communication and maintaining favorable working conditions for the team
• Performance Metrics: Track standard key security performance indicators to measure and improve brand security posture, effectiveness and reporting the result back to the CISO office and Brand (or Business Unit's) Executives
• Stakeholder Management: Collaborate with the security domains, peer BISOs, brand IT leaders, audit and other brand stakeholder groups to share best practices, brand security agenda and manage expectations
• Vendor management: In case there would be security vendors at brand level, responsible for negotiating, cultivating and maintaining strong relationships with external suppliers. This role might involve overseeing contract negotiations, ensuring vendor compliance with agreed-upon terms, and mitigating risks to optimize the overall performance of the vendor ecosystem at brand level.

• Education: Bachelor's degree in Business Informatics, Business administration, Information Technology, Computer Science, Information Security. Master's degree in degrees relevant to Information Technology or Information Security
• Certifications: Desired to have one of or more of the following certificates: CISM, CISSP. Desired to be trained in Project management, product management or Agile approach

• 8-12 years of experience in roles relevant to information security.
• 2-3 years of team management or leadership experience.

• Deep understanding and familiarity with core concepts of network security, security architecture, security operation, vulnerability management, cloud security, application security, security awareness program and threat intelligence.
• Experience with security technologies and tools, including SIEM, IDS/IPS, endpoint protection, encryption, access control, firewalls, Vulnerability Management, etc.
• Strong knowledge of cybersecurity and privacy principles, frameworks, and best practices (e.g., NIST Cybersecurity Framework, PCI, SOX, GDPR.
• Team management, stakeholder management, communication and interpersonal skills. Ability to analyze complex security issues and provide timely and effective solutions.

• Previously acted as security manager or senior security consultant in mid to large organizations

About INSPYR Solutions

Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
 
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.