Business Information Security Officer Enterprise Data Organization

Design, implement, and maintain global security policies, standards, and procedures focused on protecting data across all environments, ensuring alignment with business and IT priorities..
Ensure the divisional security strategy aligns with broader organizational goals, particularly data privacy and protection regulations (e.g., GDPR, CCPA)..
Own and manage all data-related security risks, performing risk assessments specific to data storage, processing, and transfer..
Identify, assess, and prioritize data security vulnerabilities, ensuring effective remediation plans are in place and executed..
Conduct periodic audits of data security controls to ensure compliance with internal policies and external regulations..
Ensure adherence to data protection laws and implement robust measures for data privacy, security, and retention..
Work closely with software development teams to ensure secure data handling throughout the software development lifecycle (SDLC), embedding security in data processing systems and applications..
Ensure that data security requirements are incorporated into all phases of technology systems, from design through deployment..
Lead investigations into data security breaches, ensuring proper reporting and communication with senior management during incidents..
Work with the Cyber Incident Response Team (CIRT) to address and mitigate cybersecurity incidents, ensuring appropriate remediation of data breaches..
Develop and deliver targeted security training programs for employees, contractors, and third parties on best practices for data protection..
Implement ongoing data security awareness initiatives, ensuring all stakeholders understand the importance of safeguarding organizational data..
Coordinate with third-party security vendors to conduct vulnerability assessments, penetration tests, and security audits focused on data protection..
Stay current on emerging data security trends, threats, and technologies, recommending updates to security measures as needed..
Establish and maintain a strong data security posture, continuously monitoring the effectiveness of controls and processes..
Represent EDO security to external stakeholders..
Regularly evaluate the organizations data security safeguards, ensuring they provide robust protection against evolving threats and data-related risks..
Qualifications Experience.
Bachelors degree in computer science, Information Systems, Engineering, or a related field (masters preferred)..
CISSP (Certified Information Systems Security Professional) is a MUST (non-expired)..
OWASP Membership and CRISC (Certified in Risk and Information Systems Control) preferred..
810+ years of experience in security-focused roles, particularly in technology-heavy industries (e.g., Software, Financial Services)..
Prior experience as a software engineer or systems/network engineer..
Proven track record of securing cloud-based services, ensuring scalability, performance, and reliability..
Experience with PII (Personally Identifiable Information) and security compliance regulations..
Expertise in a wide range of security domains: access controls, network security, cloud security, PKI and cryptography, application security, security models, and incident management..
Experience in cloud computing architectures, common open-source technologies (e.g., Kafka, Spark, Hadoop), and web application development (e.g., Java, PHP, Python)..
Strong understanding of NIST security controls frameworks, risk assessment, and risk management..
Experience in secure software design, security testing, and vulnerability remediation..
Familiarity with service control frameworks such as SOC 1 and 2..
Knowledge of threat modeling and risk management practices..
Solid experience in security engineering, system and network security, authentication, cryptographic protocols, and application security..
Strong ability to design secure architectures and review security in development processes..
Familiarity with common security testing tools, vulnerability scanners, and security code reviews..
Strong project management skills with experience leading cross-functional teams in large, complex security projects..
Demonstrated ability to mentor and lead security engineers and managers, fostering a culture of high morale and agility..
Experience with usage and Risk around use of AI in the enterprise a definite bonus.
Compensation/Benefits Information: (This section is only applicable to US candidates).