Business Information Security Officer (BISO)

Location:  Chicago, IL

Summary:

Our client is a $30B+ global company that holds the #2 market position in its industry and is committed to a major transformation that includes centralizing and growing its cybersecurity team and becoming a nimble, cloud-enabled organization built on open source development. As part of its expansion and commitment to cybersecurity, our client is currently seeking a Business Information Security Officer (BISO).

The BISO functions as the security leader focusing on Information Security Risk Management, Policy Compliance, Access Management, Data Protection, and Security Awareness and Education. This person will be accountable to an area of responsibility and will report both into that area and into the Information Security Program Office.

This individual will be responsible for establishing and driving a business-specific Information Security program aligned with the business area's risks and will serve as a trusted advisor, both to the business and to the CISO. This role will be accountable for keeping clear lines of communication, including but not limited to providing transparency to the business on upcoming security initiatives and reporting security risks to the CISO and appropriate committees. The BISO will also be a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, to developing external and internal message points. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.

Establish a documented Information Security Program and supporting strategy for the area of responsibility (AOR)

  • Ensure program is aligned with the Information Security Program, Policies and Standards
  • Ensure inclusion of all applicable regulatory, legal and contractual obligations
  • Leverage the Enterprise and specific Information Security Risk Assessments to establish and monitor the program
  • Update the program annually

Key Success Criteria

  • Support the Business Unit and CISO in seeking cost optimization and driving a reduction in the operations costs of managing the security controls.
  • Increased levels of security across designated Business Unit.
  • Improved compliance with security standards and policies across Business Unit teams.
  • Greater awareness of information security and data privacy requirements (globally).
  • Drive adoption of global security program standards throughout the product and core business platform teams.

 

Requirements:

  • Bachelor’s Degree or equivalent experience
  • Five or more years of experience in an audit or information security related role
  • Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
  • Project management experience highly desired
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Ability to interpret and apply policies and regulations across a large, complex business
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
  • Advanced skills with MS-Windows and other related PC applications

Contact Information:

For immediate consideration please email a resume to jlentz@htassociates.com