BISO Cybersecurity Director

27095-Strategic Accts-ABM INDUSTRY GROUPS
Full-time
On-site
Alpharetta, Georgia, United States
Description

ABM (NYSE: ABM) is a leading provider of facility solutions with revenues of approximately $6.4 billion and over 130,000 employees in 300+ offices deployed throughout the United States and various international locations. ABM’s comprehensive capabilities include electrical & lighting, energy solutions, facilities engineering, HVAC & mechanical, janitorial, landscape & turf, mission critical solutions and parking, provided through stand-alone or integrated solutions. 


ABM is currently seeking a highly motivated and experienced Cybersecurity Director, BISO (Business Information Security Officer).  This role will serve as a senior leader within the Information Security team reporting directly to the Senior Vice President, Chief Information Security Officer. 


The business information security officer (BISO) serves as a trusted security advisor to lines of business. The BISO understands security risks and technologies and is able to effectively communicate them to business units. The BISO works in tandem with the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with security in mind. The BISO is an advanced role supporting the cybersecurity program. This individual provides leadership, executive support, and strategic and tactical guidance for a world-class cybersecurity program supporting enterprise security initiatives. As a business enabler, the BISO is an effective communicator with the technical aptitude to drive security fundamentals into aspects of the business.


The BISO must be capable of working closely with senior management, third parties, project managers and business subject matter experts (SMEs). Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives. The BISO must have a technical background and be able to understand technologies, their purpose, and their security requirements and data protection needs, wherever they reside. BISOs should also understand threats, as well as risk mitigations and technical controls recommended by security leaders.


Responsibilities:


In the role of the Cybersecurity Director, BISO you will also hold more general responsibilities, such as:



  • Serve as a trusted advisor with business unit leadership.

  • Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle.

  • Act as a trusted point of contact across business units.

  • Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.

  • Be actively informed and engaged in security projects across the business.

  • Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency. 

  • Enforce the strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees.

  • Foster strong relationships with internal business units and excel in cybersecurity communication. 

  • Advise business units on enterprise-wide people, process and technology security recommendations.

  • Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.

  • Ensure business projects are focused on cybersecurity from the beginning.

  • Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units.

  • In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible. 

  • Provide motivation to business units to adopt cybersecurity controls. 

  • Remove complexity and obstacles that hinder efficient security controls enterprise-wide.

  • Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure and applications.

  • Stay abreast of new laws, regulations and standards, and assess their impact to the business.

  • Verify security content training initiatives and internal/external communication are conducted regularly.

  • Openly support the CISO, management team and executive leadership, even during tumultuous times.

  • Perform other duties as assigned.


Required Qualifications:



  • Bachelor's Degree in Business, Computer Science, Information Security, or related field from an accredited college

  • Minimum of 15(+) years of work experience with a minimum of 10 in Information Technology; with increasing level of responsibility in an organization with similar operational scale and geographic footprint with at least 5+ years in an operationally focused security practitioner role.     

  • At least 3 years’ experience working with business leadership and enterprise projects.

  • Strong written and verbal communication skills across all levels of the organization.

  • Capable of working with diverse teams and promoting an enterprise-wide positive security culture.

  • High level of integrity, trustworthiness and confidence, and able to represent the company and security leadership with the highest level of professionalism. 

  • Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.

  • Strong project management, multitasking and organizational skills.

  • Ability to work effectively with diverse teams and varying personalities, and adapt management style to effectively reach mutually beneficial outcomes. 

  • Able to attain and preserve credibility with the team through sustained industry knowledge. 

  • Able to motivate the team to achieve excellence, and give credit and recognition where it is due.

  • Applicable knowledge of national and global cybersecurity policies, regulations and security frameworks.

  • Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.

  • Experience working with information security management, information management, information systems, legal, compliance, and data governance and/or risk management.

  • Familiarity with and knowledge of relevant legal and regulatory requirements like SOX, HIPAA, CPAA, and GDPR.

  • In-depth knowledge of information risk concepts/related business needs to security controls.

  • Understanding of Cloud Computing. 

  • Knowledge of security control framework design, application, and testing.

  • Multi-task orientation to handle multiple competing tasks at once while remaining flexible to changing requirements and priorities.

  • Substantial tactical planning capabilities including analytical and innovative thinking.

  • Excellent interpersonal and communication capabilities essential given diverse nature of operating landscape and cultural sensitivities.

  • Must operate with a high degree of integrity and will be expected to work on confidential projects. 

  • Strong communications skills (both verbal and written English) required.

  • Must manage ambiguity, resolve urgent and competing demands, and go above and beyond to deliver outcomes.

  • Must have measured courage to say "no," to focus on key priorities.

  • Strong ability to think creatively when approaching issues.

  • Strong critical thinking and problem-solving skills.

  • Ability to think strategically and innovatively, including a demonstrable capacity to proactively identify and respond to relevant IT Risk related issues of both long-term and immediate importance to the Company.

  • Exceptionally self-motivated, directed and detail oriented.

  • Strong level of experience using the MS suite of Products.

  • Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.

  • Self-starter who can work efficiently both independently and with teams.


 


Preferred Qualifications:



  • A Master’s degree from an accredited college or university 

  • One or more of the following additional Information Security certifications are preferred: ITIL, CISA, CISM, GMON, CISSP, GSNA, CRISC, GSE, CCSP, CHFI.


Benefit Information:


ABM offers a comprehensive benefits package.  For information about ABM’s benefits, visit:


https://www.abm.com/wp-content/uploads/2023/11/2024-Recruitment-Staff-Mgmt-11.6.23.pdf