Job Description
· Client Information Protection (CIP) is seeking an experienced Information Security professional for the role of Business Information Security Officer (BISO) supporting the client pharmacy cyber-security landscape.
· Serve as a trusted advisor with Pharmacy+/PBM+ leadership.
· Act as a liaison to ensure cybersecurity practices are built into initiatives for the entire lifecycle.
· Leverage the Shared Service Integrated Cyber Risk Management Framework to help the business effectively manage business risk.
· Work closely with business leadership to instill cybersecurity policies and practices to address security operations, incident response, application security and infrastructure.
· Be actively informed and engaged in security projects across the business ensuring projects are focused on cybersecurity from the beginning.
· Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure, and applications.
· Enforce the strong security culture set forth by the CISO.
· Openly support the CISO, management team and executive leadership, even during tumultuous times.
· Foster strong relationships with the business area and excel in cybersecurity communication.
· Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business unit.
· Identify and document threats and vulnerabilities that may impact the business and address them regularly through various touchpoints and forums.
· Proactively document and track security risks, remediation plans, exceptions, and control deficiencies.
· In conjunction with CIP and Pharmacy leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them in terms that are accessible and comprehensible.
· Provide motivation to adopt cybersecurity controls.
· Stay abreast of new laws, regulations, and standards, and assess their impact to the business.
· Perform other duties as assigned.
Skills
· Minimum of 5+ years of information security or related risk management experience
· Experience with and knowledge of a broad range of security topics covering industrial controls systems, operational technology, information protection, application and infrastructure security, vulnerability management, and incident response.
· Knowledge of industry standards and frameworks (NIST, SOC1, SOC2, HIPAA, PCI, etc.)
· Proven track record of successfully influencing and leading peer and matrix teams where no direct reporting relationship exists.
· Strong leadership qualities and business acumen to engage with all levels of the organization.
· Ability to understand business ecosystem and define a related threat landscape.
· Ability to translate information security and technical controls into business terms that are easily understood.
· Excellent verbal, written, and presentation skills.
· Ability to work a flexible schedule to accommodate project deadlines.
· Strong collaboration skills
Education:
· Bachelor's degree in related field or equivalent experience
· CISSP or other security related certification preferred (CISM / CRISC)