Cyber security - Business Information Security Officer

About the Company:

Elsevier is a global information analytics business that helps institutions and professionals advance healthcare, open science, and improve performance for the benefit of humanity. They provide digital solutions and tools in the areas of strategic research management, R&D performance, clinical decision support, and professional education.

About the Role:

The Business Information Security Officer (BISO) will work closely with senior management, third parties, project managers, and business subject matter experts (SMEs).

The BISO is a liaison between cybersecurity and their aligned business unit. The BISO ensures the enterprise's assets are secure, its business requirements are received and understood by the cybersecurity division, and that the business understands cybersecurity risks.

Key Responsibilities:

• Provide a critical liaison role between the business unit and the security program, enhancing collaboration, communication, and alignment of goals.
• Serve as a trusted advisor with business unit leadership, fostering strong relationships with squads and BU teams.
• Build relevant relationships with business units and tech squads to deliver security-by-design controls in projects, architecture, infrastructure, and applications.
• Support the CISO, Security management team, and Executive Leadership, even during challenging times.
• Be actively engaged and informed in projects across the business unit, ensuring visibility and security alignment.
• Act as an ambassador for security-wide workstreams, aligning business units with the enterprise-wide security program.
• Lead the implementation of security solutions, tools, and monitoring to mitigate cybersecurity risks.
• Work closely with security leadership to instill cybersecurity policies and practices throughout business units.
• Define the information and infrastructure security needs of the BU's using a risk-based approach.
• Develop and report BU metric scorecards to reflect the level of adoption and compliance to security policies/standards.

Skills Required:

• Ability to collaborate with multiple technical functions in security, infrastructure, technical operations, training, software engineering, and customer support.
• Strong awareness of cloud and network infrastructure security best practices.
• Comprehensive understanding of security controls for end-user devices and Microsoft 365 security implementations.
• Knowledge of key DevOps principles and practices.
• Strong communication and customer service skills.
• Organizationally savvy and able to navigate complex organizations.
• Strong understanding of compliance and governance initiatives.
• Strong project planning, time management, and change management skills.
• Strong problem-solving experience and data analytics skills.
• Ability to develop and implement security programs.