Business Information Security Advisor
3400 New Hyde Park Rd, New Hyde Park, NY 11042 | Direct Hire
The Business Information Security Advisor (BISA) is responsible for assisting with Information Security initiatives to align with Corporate Security Standards. This position will provide security and compliance expertise, working with technology, business, and legal teams to process requests and assist with developing secure solutions. The ideal candidate will coordinate security projects for internal products. These projects include, but are not limited to: network and application security vulnerability remediation efforts; providing security guidance to technology and the business; ensuring daily operational security and risk tasks are resolved; partnering to develop business continuity and disaster recovery documentation and participating in BCP/DR test activities; and providing support for customer security audits and audit findings. The Business Information Security Advisor also ensures compliance with legal, regulatory and contractual security obligations, and assists with the development and implementation of security process improvements to drive security and risk mitigation efforts.
- Works under the direct guidance of the Sr. Manager, Information Security of Retail Solutions to ensure adoption and compliance with Security Standards while enabling business success.
- Periodically performs risk assessments of the F&I applications, systems and business processes to verify compliance with the Security Standards, and prioritizes the remediation of gaps based on risk to the organization. Coordinates the remediation of all gaps identified.
- Assists with facilitation and management of customer security audits and requests. Completes security compliance questionnaires and provides requested documentation to customers in a timely manner. Coordinates and hosts customer onsite audits as necessary. Coordinates and manages any remediation efforts resulting from these audits.
- Oversees application and system/network security vulnerability assessments and coordinates remediation efforts for the F&I web site applications and systems.
- Provides security guidance for new projects to ensure security best-practices are implemented and that projects are developed in compliance with Security Standards.
- Assists with subpoena requests and handles depositions, working with internal/external Legal Counsel.
- Addresses findings from quarterly access reviews.
- Administers and maintains the security log system and ensures logging standards are implemented for new F&I applications.
- Coordinates with the technology and business areas to ensure they maintain disaster recovery and business continuity plans and procedures for the internal suite of solutions. Assists with disaster recovery testing efforts for the customer-facing web site applications.
- Meets as scheduled, or as needed, with various departments (e.g., IT, Audit, Legal) to provide updates and information on security issues. Also, responsible for responding to requests for information to support compliance initiatives.
- BA/BS Degree, preferably formal studies in Computer Science or Information Systems or equivalent
- 5-10 years’ experience in IT Security, Risk and/or Compliance or equivalent
- Understanding of web-based applications, infrastructure, and architecture
- Strong MS Office skills, particularly Excel and Access
- Ability to work in a fast-paced and dynamic environment
- Ability to work in a team and independently to fix issues with little or no supervision
- Excellent organizational, project management and follow-up skills
- Ability to build effective working relationships at all levels of the organization
- Ability to explain risk, prioritize remediation efforts against other projects and effectively influence teams to focus on successful completion of security projects.
- Establish effective working relationships at all levels of the organization
- Excellent communication skills
- CISA, CISSP, CISM, or other security certification(s).