Business Information Security Officer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Business Information Security Officer in the United States. This role provides strategic leadership in information security, responsible for developing and maintaining a robust security program to protect enterprise assets, data, and systems. The Business Information Security Officer oversees risk management, vendor security, incident response, and compliance with industry regulations and standards. The position works cross-functionally to integrate security best practices into business processes, guide executive decision-making, and foster a culture of security awareness across the organization. Success in this role ensures both operational resilience and regulatory compliance while supporting business objectives in a dynamic, collaborative environment. Accountabilities: • Develop, implement, and maintain a comprehensive information security program aligned with business objectives. • Lead enterprise-wide risk assessments, mitigation strategies, and control monitoring to reduce security vulnerabilities. • Chair the Information Security Council, engaging stakeholders across departments to execute the security strategy. • Manage third-party vendor security, including due diligence, onboarding/offboarding, contract security clauses, and SOC2/SIGLITE reviews. • Oversee incident response planning and execution, ensuring timely containment, investigation, and remediation of security events. • Develop and enforce security policies, procedures, and standards, ensuring compliance with relevant regulations (e.g., GLBA, GDPR, CCPA). • Drive security awareness through training programs, briefings, and communication initiatives. • Provide regular reporting on security posture, trends, and initiatives to senior leadership and relevant stakeholders. Requirements: • Minimum 7 years of progressive experience in information security roles, preferably in financial services. • Bachelor’s degree in information security, computer science, or related field; advanced degree or certifications (CISSP, CISM, CISA, GIAC) preferred. • Strong knowledge of security standards (NIST, ISO/IEC 27000, PCI DSS, COBIT, ITIL) and regulatory frameworks. • Experience with risk management, vendor security assessments, and incident response management. • Proficiency in reviewing SOC2 and SIGLITE reports and assessing third-party security posture. • Excellent analytical, problem-solving, and decision-making abilities. • Strong interpersonal, communication, and leadership skills; ability to collaborate across all organizational levels. • Ability to develop and maintain policies, procedures, and training programs to foster a culture of security awareness. • Technically savvy with understanding of network architecture, IT systems, and cybersecurity technologies. Benefits: • Competitive salary based on qualifications and geographic location, ranging from $113,382 to $194,876 depending on zone. • 401(k) plan with company contributions. • Medical, dental, and vision coverage for employees and dependents. • Paid time off and sabbaticals. • Tuition reimbursement and professional development opportunities. • Bonus and incentive programs. • Remote work flexibility with supportive work-life balance initiatives. Why Apply Through Jobgether? We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best! Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time. #LI-CL1 Apply tot his job