Context
The BISO will act as the point of contact for business units and report directly to the CISO. The ideal candidate should have a strong technical background in IT infrastructure (e.g., firewalls, proxies, DNS, Active Directory); knowledge of Hyper-Converged Infrastructure and Software-Defined Data Centers (SDDC) is advantageous. Familiarity with Extended Detection and Response (XDR) and related tools (e.g., Endpoint Detection and Response (EDR), Network Detection and Response (NDR)) is also beneficial.
Mission
The Business Information Security Officer (BISO) will serve as the primary point of contact for business units regarding all security-related issues. The BISO will support the implementation of the security-by-design principle and assist in performing risk assessments and developing requirements to mitigate identified risks.
Additionally, the BISO will collaborate with the Chief Information Security Officer (CISO) on governance, risk, and compliance (GRC) tasks, including reviewing policies and refining procedures and processes (e.g., SDLC). The BISO will also be responsible for supporting the implementation of various security projects, such as Identity and Access Management (IAM) and Privileged Access Management (PAM). In times of crisis or incidents, the BISO will work closely with the entire team to resolve issues promptly.
Profile
- Proven experience in IT infrastructure (firewalls, proxies, DNS, Active Directory)
- Proven experience in project support, particularly in security topics and security by design
- Proven experience with Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) in IT and OT
- Proven experience with risk assessment frameworks (e.g., EBIOS)
- Proven experience with Secure Software Development Life Cycle (S-SDLC) implementation
- Knowledge of Hyper-Converged Infrastructure and Software-Defined Data Centers (SDDC)
- Knowledge of Extended Detection and Response (XDR) and related tools (e.g., EDR, NDR)
- Proven experience in a security role or with security standards (e.g., ISO 27001, NIST, CIS Controls)
- Proven experience with incident response
We use the pronoun "they" or "the candidate" wherever possible to include all individuals when talking about candidates, regardless of their gender identity. We believe that everyone should be treated with respect, regardless of their gender identity.