As Business Information Security Office (BISO) Senior Security Specialist – USA, you will function as the security interface and single point of contact (SPOC) for enterprise security for an assigned geographic region (GEO). As a trusted advisor to the GEO and its customers, the BISO Senior Security Specialist helps the business achieve its objectives effectively while not compromising on security, by providing advice and guidance to ensure activities are aligned to SITA's overall enterprise security governance, policies, standards and strategic security improvement program. To achieve this, the BISO will work closely with the GEO stakeholders to gain a deep understanding of their business in order to help balance information security and data privacy risk, and risk-based discussions. As part of the BISO team, you will work closely with the CISO and other BISO team members to help align practices consistently across the entire organization, and to drive security transformations that are holistic while meeting customer requirements and best practices in security and data privacy. The BISO Senior Security Specialist will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary.
This role will liaise between the GEO business leadership, the Product Security team and Enterprise Security Teams, keeping clear lines of communication including but not limited to:
transparency to the business on upcoming security initiatives
reporting of security risks to the CISO and appropriate committees
provide input to the Information Security Improvement Program
input into business processes related to the information security incident response process, identifying impact to the business and to customers, helping to shape remediation, and developing external and internal message points.
You will be accountable for combining business acumen with technical knowledge as the BISO assists in improving the information security posture with respect to delivering services and partnering with the GEO leadership. Reporting to the Chief Information Security Officer (CISO), you will be a part of the BISO Team. The world is changing. Are you ready to define the future of travel with us?
What you will do:
Participating in managing a documented Information Security Program and supporting security strategy for the GEO
Ensure the program is aligned with SITA Information Security Programs Governance, Policies and Standards while monitoring and reporting on risks and documented exceptions
Provide input into the enterprise Governance, Security Policy and Standards revisions
Ensure awareness of all applicable regulatory, legal and contractual obligations
Ensure clear lines of communication between GEO, the Enterprise Security Teams, Product and Operations security teams.
Act as the primary local single point of contact for security and provide a priority escalation path for significant security concerns and inquiries
Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incidents, etc.
Participate in region-related conferences, client-facing engagements and industry forums to represent SITA's Cybersecurity program
Evangelizing security awareness across the GEO
Drive information security risk management, policy compliance, data protection, education and awareness
Develop and maintain in-depth understanding of the GEO's processes, systems, technologies, data, customers, consumers, partners
Proactively identify security and privacy non-compliance and areas of potential improvement, and facilitate development and deployment of standard solutions
Provide reporting on the state and efficacy of security and privacy controls for their projects and platforms
Partner with local Compliance, Legal and IT resources to achieve effective working relationships that can further the effectiveness of the Security program
Provide regular and timely reporting on the status of cyber security across the GEO
Work with Security Incident Response and Crisis Management teams to assist in effectively driving incidents to acceptable resolution
Qualifications
Who you are:
10+ years of experience in Cloud and Information Technology
7+ years of experience in governance, compliance, audit and risk management
7+ years of experience in Information Security related role (architecture, technology)
5+ years of experience in penetration testing, application testing, vulnerability identification and management, and red team engagements
Experience with Data Privacy regulatory requirements an asset
Security/Risk certification such as CISSP, CISM, CISA or similar preferred
Experience in the Aviation or transportation sectors preferred
Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
Experience working in Agile methodology
Experience working in a matrix model, as the BISO supports operational and transformational efforts for a given region or organizational function
Ability to manage multiple complex priorities and competing agendas without express authority over GEO resources or teams
Ability to interpret and apply policies and regulations across a large, complex business
Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
Strong relationship, team building and facilitation skills
Ability to translate technical/security issues to business users
Ability to independently influence others to achieve objectives
Service Level Management experience
What we offer:
SITA's workplace is all about diversity: many different countries and cultures are represented in our workforce, and colleagues who've been working here for decades collaborate with those just out of college and early in their careers. SITA is a place of change and constant improvement, where we're always pushing ourselves to find better ways of doing things: smarter, quicker, easier, for us and our customers and for their customers too. And we offer all the good stuff you'd expect like holidays, bonus, flexible benefits, medical policy, pension plan and access to world class learning.
Welcome to SITA
SITA is the world's leading specialist in air transport communications and information technology. We don't just connect the global aviation industry. We apply decades of experience and expertise to address almost every core business, operational, baggage, and passenger process in air transport. We design, build, and support technology solutions all with one vision: to create easy air travel every step of the way. As an organization, we cover 95% of all international air travel destinations and work with over 2,800 air transport and government customers in every corner of the globe. Are you ready to explore the opportunities?
Keywords: CISO, BISO, Security, CISSP
In case of issues with uploading your CV or accessing the application system, please contact us at careers@sita.aero
SITA is an Equal Opportunity Employer M/F/Disability/Veteran. SITA does not discriminate based on age, race, color, creed, religion, national origin, sex, sexual orientation, gender identity, disability, marital status, age, Vietnam Era Veteran status, or any other characteristic protected by state or federal law. SITA is committed to assuring equal employment opportunity and equal access to individuals with disabilities.
SITA will provide reasonable accommodation to a qualified individual with a disability to enable such individual to perform the essential functions of the position for which he/she is applying or in which he/she is employed.
SITA's equal employment opportunity policy applies to all employment practices and actions, including, without limitation, recruitment, application process, examination and testing, hiring, training, disciplinary actions, rate of pay or other compensation, advancement, classification, transfer, reassignment and promotions.