Robert Half

Business Information Security Manager

Robert Half United States
No longer accepting applications

The Business Information Security Manager is responsible for prioritizing security risks across lines of business and technology, and for representing the Chief Information Security Officer in security matters. The role requires close integration with various client-service leaders, technical managers, and non-technical stakeholders. In addition to leading cyber security projects and initiatives, this role will focus on driving security in the human resources and financial solutions department by maturing the adoption of security control frameworks, policies, and standards.


The department manages the strategic cyber risk program, which adapts to a rapidly changing threat landscape and to changes in business strategies, risks, and vulnerabilities. By using situational awareness and threat intelligence, and by building a security culture across the organization, the team helps to protect the Robert Half and Protiviti brands. Cybersecurity areas of focus include Governance, Risk & Compliance, Technical Risk Management, Incident Response, Engineering, and Architecture.


As Business Information Security Manager, your specific responsibilities will include:

  • Serve as a liaison between business and technology organizations to ensure that information security related business requirements are clearly defined, communicated, well understood, and considered as part of operational prioritization and planning.
  • Serve as a point of escalation for security governance, risk management, compliance issues, and other security topics while working closely with business and technology leadership to improve the quality and value of security.
  • Establish and maintain an enterprise security business partner program, which includes driving information security requirements into the business, as well as bringing business needs into the security organization.
  • Socialize new cybersecurity standards and manage discussions around potential adoption and implementation issues.
  • Facilitate leadership level discussions on optimized deployment plans of new and evolving cyber tools to ensure minimal disruption to the business line.
  • Leverage the program governance model to influence decision-making and minimize risk to the program.
  • Effectively and appropriately communicate with C-level executives and other leadership levels within the organization.
  • Use status reports and other communications to elicit feedback, incremental modifications, and optimizations to the overall list of activities for the team.
  • Identify and implement key leverage points within the program to effect and influence positive change.


What you’ll need:

  • Bachelor's Degree in Computer Science, Management Information Systems, Cybersecurity or equivalent professional experience. MBA or other advanced degree preferred.
  • Previous professional services or cybersecurity consulting experience.
  • Considerable tact, diplomacy, and people skills while engaging with executive leadership.
  • Demonstrated effective use and experience with M365 products or comparable certificates.
  • Extensive demonstrated experience in a leadership role or overall lead role (management, program, or direction setting).
  • Experienced in operating in a highly matrixed corporate structure with competing priorities.
  • Adaptable to new technologies and cybersecurity practices as necessary.


Special Consideration for experience in the following:

  • Experience in a security leadership, security architecture, or governance, risk, and compliance role.
  • Superior communication (verbal and written), problem solving, collaboration, presentation, executive presence, and interpersonal skills.
  • Experience with Workday, AWS, or comparable HR and Financial platforms.
  • Working knowledge of cyber security practices and technologies such as identity and access management (IAM), multi-factor authentication (MFA), encryption, IDS/IPS, firewall, endpoint protection (AV, EDR), data loss prevention (DLP), cloud access security broker (CASB), vulnerability management (VM), and security information and event management (SIEM).
  • Knowledge of information security regulatory requirements such as General Data Protection Regulation (GDPR), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, SOC 2, NIST 800-53, and the CIS Framework.
  • Active certification in one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP).
  • Project Management Professional (PMP) or comparable certification.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Staffing and Recruiting
