Manager - Business Information Security - (BISO)
Job Description:
Manager - Business Security Officers (BISO)
Primary Location: Rosemont, IL (Hybrid)
Position Type: Full-Time Direct Hire
Overview
We are seeking a Business Security Officer Manager to join our premier financial services client in the banking industry. This is a direct-hire, hybrid role located in Rosemont, IL, with a focus on managing the growth and continuous improvement of the corporate Business Security Officer (BISO) program.
BISO will ensure that each Business Area has an embedded business representative who will facilitate, promote, and communicate the Security and Fraud programs as well as provide feedback to Security and Fraud. Each BISO is responsible for the oversight of their respective business area's compliance with Security and Fraud policies and programs.
The primary responsibility of the BISO is to bridge the gap between business objectives and information security and fraud requirements. The BISO ensures that security and fraud strategies are effectively integrated into business processes, thus safeguarding sensitive financial data and maintaining regulatory compliance.
By fulfilling this role, the BISO helps to protect the financial institution's assets, maintains customer trust, and supports the sustainable growth of the business.
Qualifications
- Bachelor's degree and minimum of 10 years of business experience.
- Excellent verbal and written communication skills with a wide range of audiences, including executives, business stakeholders, and technology team members.
- Experience in leading projects or initiatives in a complex environment.
- Experience in taking complex ideas and constructs and relating them in easy-to-understand language.
- Must be a critical thinker with strong problem-solving skills.
- High level of personal integrity and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- A quick learner with a high degree of initiative, dependability, and ability to work with little supervision.
General Responsibilities
- Enhance Security Posture:
  - Strengthen the organization's overall security posture by adopting robust security controls within business units.
  - Proactively identify and address vulnerabilities and threats.
- Ensure Regulatory Compliance:
  - Maintain compliance with industry regulations and standards, minimizing the risk of legal and financial penalties.
  - Adapt security and fraud practices to evolving regulatory requirements.
- Foster Collaboration:
  - Promote a collaborative approach to security, ensuring that business units understand and support security initiatives.
  - Facilitate open communication between technical and non-technical teams.
- Support Business Growth:
  - Enable secure business operations by embedding security into the development and deployment of new products and services.
  - Support business innovation while managing security risks.
- Incident Management:
  - Prepare for and effectively respond to security and fraud incidents, minimizing the impact on business operations.
  - Participate in business continuity and tabletop exercises.
  - Ensure swift recovery and continuity of services.
- Cultivate Security Awareness:
  - Develop a security-conscious culture among employees, reducing the likelihood of human error leading to security incidents.
  - Ensure ongoing security and fraud education and awareness programs are in place and effective.
Corporate Security Responsibilities
- Serve as the business advocate/liaison for major incidents.
- Organize and conduct Corporate Security training for all business area employees.
- Attend Corporate Security training and monthly meetings.
- Present Annual Security Summary to the Audit Committee and Charter boards.
- Assist in the development of business lines/Charter physical security budget.
- Report Corporate Security trends and issues affecting business areas.
- Report incidents to Security and Fraud.
Fraud Responsibilities
- Act as the primary point of contact for Enterprise Fraud in the business area.
- Educate designated business area staff on Enterprise Fraud Program updates, policies, controls, and initiatives.
- Review and report, with guidance from Enterprise Fraud, the applicable reports, trends, and threats to business area leadership.
- Assist with Fraud training, reporting, and metrics within the business area.
Identity & Access Management (IAM) Responsibilities
- Assist the client's Access Management with the support needed for the business area to comply with periodic and yearly access reviews.
- Provide input into key initiatives and business area prioritization, where IAM is accountable or responsible for outcomes. Assist in the process of onboarding or sunsetting relevant business systems and applications.
- Within the business area, identify trends, opportunities, and gaps in the onboarding/offboarding workflows for Access Management for SNOW requests.
- Identify and assist business area application owners in the development of applicable roles in Business Applications in the advancement of user administration.
- Identify key Access Management KPI metrics to enable the business area to track posture and inform IAM teams on performance related to their application or process.
- Assist with the development, updating, and adherence to IAM policies and procedures.
Competencies
- Business Line Technologies: Familiarity with business line systems and technologies.
- Crisis Management: Being able to respond effectively to security issues or crises to minimize damage and ensure business continuity, communication, and reporting.
- Communication: Excellent communication skills to liaise with internal stakeholders, staff, senior leadership, or law enforcement agencies regarding security matters.
- Analytical Thinking: Capacity to analyze opportunities, threats, process improvements, and gaps, and communicate them effectively.
- Leadership: Ability to lead and coordinate teams, gather information, be a subject matter expert, and provide consultation as necessary.
- Ethical Conduct: Upholding high ethical standards and integrity in dealing with sensitive information and security-related matters.
- Crisis Management: Being able to respond effectively to security breaches, emergencies, or crises to minimize damage and ensure business continuity.
- Continuous Learning: Keeping abreast of the latest security threats, trends, and technologies through ongoing training and professional development.
Compensation
The expected salary range for this position is $110K-$158K plus bonus, depending on experience and qualifications. The role also qualifies for comprehensive benefits, including health insurance, retirement plans, and more.
Salary Package:
$110,000.00 - $158,000.00 (US Dollar)