Business Information Security Manager

Expired Job

Deluxe Corporation, Shoreview, MN 55126

Posted 2 months ago

Req ID#: 12887BR-1

Description

The Business Information Security Manager (BISM) plays an integral part in the development, implementation, and compliance of information security across the enterprise, serving at the business segment level. The Business Information Security Manager is responsible for managing risks related to information security, physical security, privacy, and compliance.

The position serves as an advocate for the business but maintains a clear focus on information security, risk and compliance. The BISM will manage and co-ordinate all information security activities, programs and initiatives for the business unit as well as provide security incident support.

Accountabilities:

Security Policy, Standards, Processes and Procedures

  • Ensuring effective implementation of information security standards, processes and procedures, and guidelines for the business line in cooperation with the enterprise Information Security Program.

Reporting and Metrics

  • Reporting security performance against established security metrics

  • Present findings to manager on compliance reporting for Information Security Policies. Drive the Business Continuity Planning and DR strategy for the business unit.

Compliance

  • Ensuring and monitoring security compliance with industry, regulatory and contractual obligations (working closely with Corporate Legal, Compliance and Security teams)
  • Ensuring security compliance and meeting all service-level agreement requirements

Risk Management

  • Understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balancing this with risk investments

  • Coordinating with technology and business groups to assess, implement, and monitor security related risks

  • Maintaining a risk registry and related risk treatment plans for the business unit.

Vulnerability Management

  • Ensure device, system, and application vulnerabilities are remediated in a timely manner according to Deluxe policy and standards

Security Solutions

  • Develop recommendations and take appropriate action. Present to Information Technology management development/implementation plan for secure solutions.

  • Ensure new products/services, applications, new third party or client relationships, etc. have appropriate security controls embedded and that the risks are appropriately addressed

Security Awareness

  • Supporting an information security awareness program to ensure staff members across the organization understand the risks and their role in protecting the environment

Suppliers and Third Parties

  • Where applicable, oversee the security of key suppliers and third party service providers.

Security Consulting in M&A and other due diligence initiatives

  • Participate in M&A and other due diligence initiatives in support of the business unit, working closely with the broader M&A teams.

  • Participate in business unit client facing engagements and present as needed

  • Serve as primary point of contact for all IT internal audits; participate in scoping and deliverable requests, and collaborate with senior leadership to clear audit reports and help ensure effectiveness/completeness of action plans.

Access Management

  • Facilitate any required access management and entitlement review processes

Incidents and Investigations

  • Lead security-related incidents and investigations resulting from the business unit, working closely with the corporate cybersecurity operations and compliance teams.

Relationship Management

  • Engage with and serve as the primary point of contact with business and technology stakeholders for information security, risk and compliance matters.

  • Develop and maintain relationships and partnerships with internal (Deluxe Security, business portfolio, and governance teams) and external business partners to provide appropriate transparency to enterprise risks and discuss transformative and strategic matters.

Required:

  • Bachelor's degree (or equivalent experience) in information security

  • 8+ years of work experience (Information security, Risk, or Compliance)

  • Certification required in one or more of the following: CISSP, CISM, CISA, or equivalent

  • Security Risk, Governance and Compliance knowledge, methods, and processes

  • A solid background providing security solutions

  • Excellent communication skills including the ability to translate technical/security issues to business users

  • Excellent leadership skills with ability to independently lead virtual teams to deliver results

  • Self-motivated, willingness to take on challenges and adaptability to change and manage changing priorities

  • A sound understanding of security best practice and international standards such as NIST, ISO 27000 and PCI DSS.

  • Good understanding of software development processes particularly in relation to secure development

  • Good understanding of key network and technical security controls

  • Security Training and Awareness and Security Incident Management knowledge and experience

  • Demonstrable experience of driving operational implementation of policies and processes across business units, using influencing and security skills

  • Demonstrable experience of working within regulated environments

  • Knowledge and experience of Information Security Risk and Security governance

  • Understanding of risks in the banking/financial services sector will be an added advantage

Deluxe Corporation is an Equal Opportunity / Affirmative Action employer:

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, disability, sex, age, ethnic or national origin, marital status, sexual orientation, gender identity or presentation, pregnancy, genetics, veteran status or any other status protected by state or federal law.

EOE/Minorities/Females/Vet/Disability

Please view the electronic


Similar Jobs

Information Security Engineer 5 Security Code Review Triage Lead

Wells Fargo

Posted Yesterday

Job Description

At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk, and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Note: This position may sit at any core Wells Fargo location or telecommute

The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective. Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Engineer 5 (ISE5) position will serve as a high level technical security resource.

The ISE5 will conduct automated source code level assessment to identify security vulnerabilities and ensure compliance with corporate security policies and adherence to best practices. This is an exciting opportunity to be part of a growing team of niche, high performance security talent, while leveraging mature security code review processes, that will be responsible for the assessment of code level security issues for public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities. Reviews encompass a vast assortment of language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies spanning mobile applications, classic web applications/portals, newer innovation applications, and more. While working to your strengths in reviews aligned to your own unique core technology background, you will have supported opportunity to learn new technologies and gain new skills. In fact, professional development is one of the core work objectives for each SCR team member, where enhancing current and building new capabilities are favorable traits and encouraged.

This position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be working with a high performance team of security engineers focused on driving success of manual and automated security review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability detection, risk identification, and reporting.

Accountabilities include, but are not limited to:

  • Build applications and execute SAST tools such as Fortify and Checkmarx for static analysis, supporting multiple technologies including Java, .Net, iOS, Android, and more
  • Continually learn and grow ability to support additional technologies
  • Support scanning tool upgrades, testing of new releases, and troubleshooting of production issues relative to processes
  • Mentor newer or more junior team members, both within the US and internationally, and support other engineers with complex scenarios and applications
  • Manage the review queue for the Triage processes; manage engineer assignments and respond to questions and inquiries related to ongoing projects
  • Document and/or update process documentation for team members as well as external stakeholders
  • Collaborate with Wells Fargo business partners who are stakeholders in the code review process
  • Participate in or conduct presentations to the broader Wells Fargo community
  • Participate in strategy planning and/or new initiatives that work to continually advance the team's capabilities

Team members are spread across several locations, with the majority of the team working remotely. We focus on hiring the best talent regardless of the location. We don't expect you to join us and hit the ground running. We take what we do seriously, and expect to train you on our processes with a learning curve that will take several months to master fully. We believe in diversity. Your opinions matter to us, opening discussion forums to the opinions of all team members so that we can uniformly make strategic and operational improvements that consider all sides or inviting you to opt-in to specialized team or department level working groups that assess unique and diverse topics in code level security that will help to optimize vulnerability detection, how we assess risk, and consider appropriate safeguards.

If this sounds like a position that interests you, apply today. We'd like to understand your capabilities, background, and opinions on application security.

Required Qualifications

  • 7+ years of information security applications and systems experience
  • 5+ years of J2EE experience or 5+ years of .net experience
  • 3+ years of SAST (Static Analysis Software Testing) experience

Desired Qualifications

  • Advanced Information Security technical skills and understanding of information security practices and policies
  • Ability to manage complex issues and develop solutions
  • Excellent verbal and written communication skills
  • Knowledge and understanding of technology testing: web-based applications developed in Java or .net framework
  • Knowledge and understanding of design and development of modern web applications and mobile technologies
  • Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
  • Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
  • Ability to translate and present complex technical data across technical and non-technical groups
  • 3+ years of ANT or Maven experience
  • Knowledge and understanding of C++
  • 3+ years of MS Visual Studio experience
  • Fortify Code Analyzer experience

Other Desired Qualifications

  • Experience with, or understanding of, AJAX and web services
  • Experience with server-side JavaScript
  • Experience with Salesforce Apex
  • Experience writing rules for SAST tools like HP Fortify, SCA, and Checkmarx
  • Involvement in local security groups, such as OWASP local Chapters
  • Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
  • Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.)
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexible and creative in helping to find acceptable solutions
  • CISSP, CSSLP, GSSP, or comparable security certification
  • Ability to comprehend large, complex applications written by others from reading source code
  • Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications
  • Ability to stay current with emerging technologies and industry trends

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Wells Fargo Shoreview MN
