Business Information Security Officer

Job Description Summary

The Business Information Security Officer (BISO) liaises with our business units and serves as the primary point of contact between Information Security and our business units. The BISO assists in enabling business strategies, while balancing the security risk and ensuring security is aligned with business strategies. Interacts with all levels of leadership in the firm to accelerate solutions through better communication and alignment. The key to success is the ability to influence senior business leaders about the need to embrace security initiatives.

Job Description

This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month.

Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future.

Responsibilities:

• Articulates the security perspective to the business and helps them understand the potential impact and possible controls in business terms.

• Communicates business knowledge and requirements to the Information Security organization thus ensuring security is aligned with business strategy and need.

• Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance.

• Represents the business unit in development of policies and standards.

• Act as primary point of contact for all IT internal audits, participates in scoping, deliverable requests and collaborates with senior leadership to clear audit reports and ensure action plans are complete and effective.

• Ensures IT owners are held accountable for their controls and understand responsibilities as to risk mitigation and remediation as well as compliance to security policy and standards to reduce liabilities.

• Understands and reports on the overall information security risk posture of the business unit, and provides an enterprise view of vulnerabilities and associated risks to both the business and information security.

• Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation.

• Investigates security incidents for the business and works with Information Security teams to recommend/implement appropriate corrective actions.

• Understands, tests and implements security plans, products, strategies and control techniques.

• May lead or participate in security related projects and strategy.

• Performs other duties and responsibilities as assigned.

• Design and implement disaster recovery and contingency plans to protect company data.

• Help develop procedures for an area of the organization and monitor their implementation.

• Contribute to stakeholder engagement by identifying stakeholders; by finding out their needs, issues, and concerns; and by reacting to these needs, issues, and concerns, arranging meetings and events and drafting supporting materials to promote understanding and commitment.

• Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching; gain or maintain external professional accreditation, where relevant, to improve performance and fulfill personal potential. Maintain an understanding of relevant technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.

• Support strategy formulation for digital by exploring how information technology can be used to help the organization become more responsive to customer needs and changing business requirements.

• Provide specialist advice on the interpretation and application of policies and procedures, resolving queries and issues and referring very complex or contentious issues to others.

Skills:

• Financial services experience highly preferred.

•  Knowledge of Information Security programs including, but not limited to, audit reviews, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management.

•  Advanced knowledge of infrastructure and logical security technology with experience working with ITIL, ISO 17799 and/ or CoBit processes and procedures.

•  Experience translating business drivers and priorities into security design.

•  Knowledge of government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).

•  Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).

• Uses clear and effective verbal communications skills without supervision and provides technical guidance when required on expressing ideas, requesting actions and formulating plans or policies.

• Works without supervision and provides technical guidance when required on achieving full compliance with applicable rules and regulations in management and/or operations.

• Works without supervision and provides technical guidance when required on maintaining the security, integrity, compliance and continuity of IT systems and services.

• Works without supervision and provides technical guidance when required on developing, monitoring, interpreting and understanding policies and procedures, while making sure they match organizational strategies and objectives.

• Needs guidance (but not supervision) to communicate with other people by speaking in a clear, concise and compelling manner.

Licenses/Certifications:

• Security and control certifications highly preferred (CISSP, CISM, CISA, CRISC).

Education

Bachelor’s: Computer and Information Science, Bachelor’s: Information Technology, High School (HS) (Required)

Work Experience

General Experience - 6 to 10 years

Certifications

Travel

Less than 25%

Workstyle

Hybrid

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view. We expect our associates at all levels to:

 Grow professionally and inspire others to do the sameWork with and through others to achieve desired outcomes

 Make prompt, pragmatic choices and act with the client in mindTake ownership and hold themselves and others accountable for delivering results that matter

 Contribute to the continuous evolution of the firm

At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates.  

When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs. #LI-TC1