The Business Information Security Officer (BISO) is responsible for partnering between the Omnicell Information Security Team and their line-of-business constituency, helping the business understand and implement security policies and processes. The Sr. Manager is responsible for leading and managing resources within the security team. This role is responsible for building out the BISO team to serve as trusted advisors, skilled communicators, and security advocates. Additionally, the Sr. Manager will work hand in hand with business leaders, building out a robust and resilient security posture.
The BISO participates in the information security governance process as a member of the company’s Information Security committee and by providing business subject matter expertise in the development of new policies or revisions to existing policies. They are also responsible for communicating the policies of their constituency to drive business unit awareness and compliance, and for monitoring their adoption across the business.
Responsibilities:
Champion Security within the Business: Drive the adoption of cybersecurity controls across business units through clear communication, education, and stakeholder engagement. Advocate for and communicate the impact of security policies and changes to business leaders.
Strategic Alignment: Align information security priorities and initiatives with the overall business strategy and roadmap.
Security by Design: Partner closely with product and engineering teams to embed security principles into the design and development of new features and products.
Risk Management & Compliance: Support the Information Technology Risk Program by collaborating with business units to document and address exceptions to security policies.
Risk Assessment: Advise business unit management on information security risks and recommend appropriate mitigation strategies aligned with company policies and regulatory requirements.
Vulnerability & Threat Management: Drive the remediation or mitigation of vulnerabilities, security audit findings, penetration test results, and other identified security risks.
Performance & Reporting: Define, track, and report key performance indicators (KPIs) and metrics related to information security to both technical and non-technical audiences.
Team Leadership & Development: Oversee the day-to-day management of a geographically dispersed team. Foster a high-performing team environment by providing guidance, mentorship, and career development opportunities.
Security Awareness & Culture: Contribute to and lead company-wide security awareness initiatives and materials. Cultivate a strong security culture across the organization by fostering a "security advocate" mindset.
Emerging Technology & Incident Response: Proactively communicate and plan for the adoption of emerging technologies within the context of information security. Participate in and support cyber security incident response activities as needed.
Required Skills and Knowledge:
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Knowledge of security and control frameworks, such as NIST, ISO, HITRUST, and HIPAA Security, with applicable knowledge of best practices.
Understanding of Docker, Kubernetes, and container security best practices.
Expertise in Cloud Computing Security.
Healthcare, Pharmacy or Medical Device experience.
Demonstrable experience with understanding business focus and processes and the ability to inject cybersecurity into the business through teamwork and influence.
Demonstrable experience with the ability to work effectively with diverse teams and varying personalities and to adapt management style to effectively reach mutually beneficial outcomes.
Strong risk management and remediation skills.
Demonstrated management of remote teams.
Excellent communication skills and the ability to translate highly complex technical concepts and processes into the language of the business.
Basic Qualifications:
Bachelor’s Degree plus 8 years’ Information Technology experience OR HS Diploma/GED plus 10 years’ Information Technology experience.
5 years’ management experience in IT-related applications, processes, and procedures.
Proven experience partnering with an engineering and product team to bring about a security-first mindset.
Preferred:
Security Certifications: CISSP, CISA, CRISC or CISM
Technical Certifications: AWS Security Specialist
Work Conditions:
Hybrid (Dallas or Austin) / Office Environment
Flexibility to be available occasionally outside of regular business hours/weekends
Occasional travel up to once per quarter