Business Information Security Officer (BISO) (Information System Proj Mgmt 4)

Come Join HII! Where Hard Stuff is Done Right!

Mission Technologies is seeking a business information security officer (BISO) to work out of our Fairlakes office in Fairfax, VA. The business information security officer (BISO) serves as a trusted cybersecurity advisor to their assigned division. The BISO understands cybersecurity risks and technologies and can effectively communicate them to business units. The BISO works in tandem with the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with cybersecurity in mind. The BISO is an advanced role supporting the cybersecurity program. This individual provides leadership, and strategic and tactical guidance for a world-class cybersecurity program supporting enterprise security initiatives. As a business enabler, the BISO is an effective communicator with the technical aptitude to drive cybersecurity fundamentals into aspects of the business.  

The BISO must be capable of working closely with senior management, third parties, project managers and business subject matter experts (SMEs). Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives. The BISO must have a technical background and be able to understand technologies, their purpose, and their security requirements and data protection needs, wherever they reside. BISOs should also understand threats, as well as risk mitigations and technical controls recommended by security leaders. This role requires both deep security expertise and strong business acumen to enable secure growth, operational resilience, and regulatory compliance 

Responsibilities: I want to and can do that!

•    Serve as a trusted advisor to the division CIO and business unit leadership.
•    Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle.
•    Act as a trusted point of contact across business units.
•    Work closely with cybersecurity leadership and division CIO to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
•    Be actively informed and engaged in cybersecurity projects across the business.
•    Provide disaster recovery and business continuity planning advice when working with the division CIO for business and cybersecurity resiliency. 
•    Enforce the strong security culture set forth by the division CIO, ensuring uniformity across cybersecurity leadership, business units and employees.
•    Foster strong relationships with internal business units and excel in cybersecurity communication. 
•    Advise business units on enterprise-wide people, process and technology cybersecurity recommendations.
•    Maintain up-to-date knowledge related to cybersecurity threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
•    Ensure business projects are focused on cybersecurity from the beginning.
•    Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units.
•    In conjunction with cybersecurity, the division CIO, and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible. 
•    Provide motivation to business units to adopt cybersecurity controls. 
•    Remove complexity and obstacles that hinder efficient cybersecurity controls enterprise wide.
•    Build relationships with division business units and CIO office to deliver security-by-design controls incorporated into projects, architecture, infrastructure and applications.
•    Stay abreast of new laws, regulations and standards, and assess their impact to the business.
•    Verify cybersecurity content training initiatives and internal/external communication are conducted regularly.
•    Openly support the CISO and division CIO, management team and executive leadership, even during tumultuous times.
•    Perform other duties as assigned. 

Requirements: I have already done that or have it!

•    9 years relevant experience with Bachelors in related field; 7 years relevant experience with Masters in related field; 4 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 13 years relevant experience.
•    One or more Cyber related certifications (CISSP, CISM, CRISC, CISA
•    At least 3 years’ experience working with business leadership and enterprise projects.
•    Strong written and verbal communication skills across all levels of the organization with outstanding written and verbal business and cybersecurity communication skills.
•    Capable of working with diverse teams and promoting an enterprise-wide positive cybersecurity culture.
•    High level of integrity, trustworthiness and confidence, and able to represent the company and cybersecurity leadership with the highest level of professionalism. 
•    Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
•    Strong project management, multitasking and organizational skills.
•    Ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach mutually beneficial outcomes. 
•    Able to attain and preserve credibility with the team through sustained industry knowledge. 
•    Able to motivate the team to achieve excellence and give credit and recognition where it is due.
•    Applicable knowledge of national and global cybersecurity policies, regulations and cybersecurity frameworks.
•    Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.
•    Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well. 
•    Highly organized and efficient self-starter requiring minimal supervision. 
•    Possesses general business administration competencies. 
•    Excellence in communicating privacy, business risk and remediation requirements from assessments.
•    Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen

Preferred Requirements

•    PMP a plus
•    At least 10+ years’ cybersecurity experience (or information technology coupled with cybersecurity), with at least 5+ years in an operationally focused cybersecurity practitioner role. 
•    14+ years of cybersecurity and/or information technology experience.
•    5+ years of related cybersecurity systems administration (preferable).
•    3+ years of cybersecurity or information technology project management.

Physical Requirements