Business Information Security Officer - Gcs

The Business Information Security Officer (BISO) is a strategic partner to SBU technology and business leaders in their implementation of Liberty Mutual`s cybersecurity program. The BISO proactively drives alignment between business unit objectives and the enterprise security strategy. As a business enabler, the BISO ensures business decisions adhere to corporate security policies and are implemented with security top of mind, while being mindful to the practicalities of speed, agility, and business results. Based on SBU strategic security needs, the BISO has strong influence over the delivery and priority of service features and development of new security services or products. With a focus on continuous improvement of the security culture, process, and technology that protect our policyholders and employees and informed by industry trends, the BISO drives a focus on security for all employees.

There are 2 BISO openings. One position will be aligned to Global Retail Markets (GRM) Technology and the other position will be aligned to Corporate Functions (CF) and Liberty Mutual Investments (LMI) Technology.

About the role:

• Ensures the priority of security work to SBU teams is balanced appropriately amongst other SBU priorities.
• As needed to support SOC and/or legal functions pertinent to SBU, assists in the management of security incidents and events to protect IT assets, regulated data, and the company`s reputation.
• Initiates and fosters partnerships with SBU stakeholders, such as IT leadership, Product Owners, and senior business executives; develops relationships that promote trust and increase efficiency and effectiveness of program implementation; balances individual customer needs with business priorities assuring alignment with Global Cybersecurity strategies.
• Commits to continual learning, particularly as it relates to regulatory, technology, and cybersecurity and privacy industry trends, applying knowledge to global strategy and program improvements.
• Stays current with the external threat environment for emerging threats and ensure advisement to relevant stakeholders on the appropriate course of action.
• Advances the development of the security champion program to expand the depth and reach of security across the SBU application development teams.
• Support the development of risk remediation action plans or exception process as needed.
• As applicable, collaborates with local counsel on incident resolution and regulatory compliance matters.
• Participates in SBU program increment planning events. As a dotted line member of the SBU CIO leadership team, influences and cascades a strategic cyber risk management vision that scales to the SBU to effectively secure the business without slowing company innovation and execution.
• Develops and maintains a network of industry contacts; perform or direct research on industry trends, competitors, business and IT products; makes strategic and tactical recommendations.
• Advocates for security recommendations for third party risk management with business owners of third party relationships, such as decision to engage services, necessary remediation, and actions resulting from ongoing monitoring.
• Strongly influences the delivery and priority of service features and development of new security services or products.
• Drives the shared accountability for the delivery and ongoing management of secure applications. With other SBU aligned BISOs and CISO, defines and effectively communicates key performance indicators (KPIs), key risk indicators (KRIs) and metrics.

• Strong interpersonal skills with the ability to effectively influence others.
• Ability to build collaborative working relationships with a broad range of enterprise stakeholders.
• Extensive knowledge across a broad range of identity and access management technologies.
• In depth knowledge of project delivery, business operations, objectives and strategies.
• In depth knowledge of IT concepts, strategies and methodologies and their application to business opportunities.
• Generally more than 10 years related experience with 5 years in leadership role.
• Bachelor`s or Master`s Degree in technical or business discipline or related experience; Master`s Degree preferred.
• Demonstrated real world, hands on technical design and implementation experience.
• Advanced knowledge of management concepts, practices and techniques.
• Strong familiarity with Information Security precepts, practices, and solutions.
• Strong decision making capabilities, with proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That’s why we provide an environment focused on openness, inclusion, trust and respect. Here, you’ll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more, please visit https://www.libertymutualgroup.com/about-lm/careers/benefits

Liberty Mutual has proudly been recognized as a “Great Place to Work” by Great Place to Work® US for the past several years. We were also selected as one of the “100 Best Places to Work in IT” on IDG’s Insider Pro and Computerworld’s 2020 list. We have been named by Forbes as one of America’s Best Employers for Women and one of America’s Best Employers for New Graduates—as well as one of America’s Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion

Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran’s status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.