Responsibilities include but not limited to:

Strategy - Planning: Work with the CISO to develop and implement an information security strategy that aligns with organizational priorities. Oversee the implementation and execution of security standards and policies. Develop operational-level roadmaps and execute improvement plans for underperforming security areas. Maintain security policy review processes and ensure compliance with laws, regulations, and regulatory guidance. Support compliance improvements by furnishing information relevant for audit activities and directing compliance issues to appropriate resources. Define local-level KPIs and collect and report necessary metrics to CISO and executive management. Communicate identified threat information to Division BISO and Enterprise levels. Support implementation and execution of the security control framework. Direct Areas of Responsibility: Direct oversight for a team of Business Information Security Officers aligned to key business areas to ensure consistent and high-quality information security management in support of business goals. Business Engagement Alignment: Determine information security approach and operating model in consultation with key stakeholders. Work effectively with business units to facilitate information security risk assessment and risk management processes. Create necessary internal networks to ensure alignment as required. Build out appropriate business engagement model and support functions. Ensure security is embedded in the project delivery process. Liaise with the enterprise architecture team to build alignment between the security and enterprise architectures. Define and Implement Information Security Frameworks: Create and manage a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements. Develop and maintain a document framework of continuously up-to-date information security policies, standards, and guidelines. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program. Thought Leadership: Build and nurture external networks to address common trends, findings, incidents, and cybersecurity risks. Liaise with external agencies to ensure the organization maintains a strong security posture. Participate in leading industry forums and consortiums to represent business interests and set standards/practices.