Senior Business Security Officer (Lead BISO)

Posted 1 hour 51 minutes ago by Willis Towers Watson

Contract
Not Specified
Other
London, United Kingdom
Job Description

The Lead BISO will report to the Group CISO; jointly they will deliver the defined security strategy, ensuring continuous improvement in both security and risk posture as well as the delivery of security services and the security change portfolio. The Deputy CISO will attend governance committees, at all levels in the organisation, on behalf of the CISO as and when required, and as such will need to be able to demonstrate technical depth, risk management capabilities and effective stakeholder management.

Working as the Lead BISO you will have strategic ownership of business and client facing security capabilities. The role will lead on embedding security practices across technology and the wider organisation as well as embedding an enabling culture. This includes designing a structure to support all lines of business horizontally, developing both in-depth technical security support for application teams as well as commercially aware security advisors with high levels of business intimacy.

The Lead BISO will have in-depth knowledge of all Security functions and will be able to demonstrate deep understanding of security domains such as Cyber Defence and Cyber Offence, enabling them to both lead and guide the team, as well as effectively challenge the Security Run services on behalf of the business.

The Lead BISO will also own the delivery of a programme of work covering regular and mandatory reporting of control effectiveness for external parties including SoX, SOC2 as well as the relationship with external auditors from a cyber security perspective. Demonstrable awareness of the changing regulatory environment and geographic considerations is essential as this will inform strategic decisions.

This role is part of the Information & Cyber Security Leadership Team and resides within Corporate IT, reporting to the Global Chief Information Security Officer.

The Role

Responsible for overseeing and coordinating, at a day-to-day level, activities for the team that will provide the following operational services and teams:
Business facing Security Enablement
Application security support
Country Specific Security Support
Security awareness and communication
Control testing in support of regulation and audit
Client facing Security subject matter experts

Additionally, as required, oversight and leadership of the wider security services and team, including the ability to lead, direct and manage across both security and technology during a major cyber incident in a calm and authoritative manner.

Collaborate with peers across Technology and the wider enterprise as well as within Information and Cyber Security to facilitate the effective operation and improvement of the function as a whole.

Effectively manage key senior stakeholders, including Business Executive and Board Level.

Lead the Cyber Security programmes of work redefining security culture and cyber resilience, as defined within the security strategy.

Act as a key individual in determining the technical security strategy in partnership with enterprise architecture and communicating with a broad range of senior stakeholders.

Represent the business and client to ensure that all change is supported enabling business growth in a risk reducing manner.
Provide reporting on key performance indicators and Governance meetings

The Requirements:

Technical skills:
Experience of advanced security engineering including automation of operations
Experience managing an operational team including 24x7 follow-the-sun operations, service level agreements and management, workflow, escalations, key performance indicators and customer satisfaction
In-depth knowledge and understanding of how to handle and respond to security incidents as part of a specialised incident response team
Strong working knowledge and thorough understanding of Protective Monitoring, Vulnerability Monitoring, Threat Intelligence and Threat Hunting
Knowledge and understanding of a wide variety of security technologies and processes
Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture

Additionally, the following are desirable but not essential:

Degree in a relevant Information Technology or Information Security area
Information Security specific qualification is desirable (such as CISM, CISSP, MInstISP)
Expert understanding of all aspects of technical information security
Strong understanding of cybersecurity standards and frameworks, e.g. ISO27001, NIST, CIS, OWASP, SANS

Non-technical skills:
Excellent stakeholder management and interpersonal skills at both a technical and non-technical level
Proven ability to lead, manage and motivate a large team
Ability to manage conflicting priorities and multiple tasks in a high-pressure environment
Strong knowledge and understanding of Programme and Project Management at a portfolio level, including change and transformation programmes
Effective change agent with the ability to adjust change approach based on circumstances
Politically aware with outstanding influencing ability and the ability to work with senior management
Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
Able to work in a collaborative environment
Outstanding critical reasoning and problem-solving skills, sticks to the problem until it is resolved
Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of Digital businesses

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.