Req ID#: 12887BR-1
The Business Information Security Manager (BISM) plays an integral part in the development, implementation, and compliance of information security across the enterprise, serving at the business segment level. The Business Information Security Manager is responsible for managing risks related to information security, physical security, privacy, and compliance.
The position serves as an advocate for the business but maintains a clear focus on information security, risk and compliance. The BISM will manage and co-ordinate all information security activities, programs and initiatives for the business unit as well as provide security incident support.
Security Policy, Standards, Processes and Procedures
Reporting and Metrics
Reporting security performance against established security metrics
Present findings to manager on compliance reporting for Information Security Policies. Drive the Business Continuity Planning and DR strategy for the business unit.
Understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balancing this with risk investments
Coordinating with technology and business groups to assess, implement, and monitor security related risks
Maintaining a risk registry and related risk treatment plans for the business unit.
Develop recommendations and take appropriate action. Present to Information Technology management development/implementation plan for secure solutions.
Ensure new products/services, applications, new third-party or client relationships, etc. have appropriate security controls embedded and that the risks are appropriately addressed
Suppliers and Third Parties
Security Consulting in M&A and other due diligence initiatives
Participate in M&A and other due diligence initiatives in support of the business unit, working closely with the broader M&A teams.
Participate in business unit client facing engagements and present as needed
Serve as primary point of contact for all IT internal audits; participate in scoping and deliverable requests; collaborate with senior leadership to clear audit reports and help ensure effectiveness/completeness of action plans.
Incidents and Investigations
Engage with and serve as the primary point of contact with business and technology stakeholders for information security, risk and compliance matters.
Develop and maintain relationships and partnerships with internal (Deluxe Security, business portfolio, and governance teams) and external business partners to provide appropriate transparency to enterprise risks and discuss transformative and strategic matters.
Bachelor's degree (or equivalent experience) in information security
8+ years of work experience (Information security, Risk, or Compliance)
Certification required in one or more of the following: CISSP, CISM, CISA, or equivalent
Security Risk, Governance and Compliance knowledge, methods, and processes
A solid background providing security solutions
Excellent communication skills including the ability to translate technical/security issues to business users
Excellent Leadership skills with ability to independently lead virtual teams to deliver results
Self-motivated, willingness to take on challenges and adaptability to change and manage changing priorities
A sound understanding of security best practice and international standards such as NIST, ISO 27000 and PCI DSS.
Good understanding of software development processes particularly in relation to secure development
Good understanding of key network and technical security controls
Security Training and Awareness and Security Incident Management knowledge and experience
Demonstrable experience of driving operational implementation of policies and processes across business units, using influencing and security skills
Demonstrable experience of working within regulated environments
Knowledge and experience of Information Security Risk and Security governance
Understanding of risks in the banking/financial services sector will be an added advantage
Deluxe Corporation is an Equal Opportunity / Affirmative Action employer:
All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, disability, sex, age, ethnic or national origin, marital status, sexual orientation, gender identity or presentation, pregnancy, genetics, veteran status or any other status protected by state or federal law.
Please view the electronic