Business Information Security Office Lead

The Business Information Security Office Lead (BISOL) is responsible for the security of business information, such as computer networks and data.

The individual in this role will collaborate with executive leadership on a risk management program, advise on security best practices, oversee security training, and investigate security incidents.

The BISOL is vital in cybersecurity, bridging organizational goals with cyber threat protection in large entities. This role serves as an intermediary between security and operational teams, advising leaders and offering expertise on compliance, risk assessment, and data loss prevention.

Job Responsibilities :

• Develop and evaluate compliance with programs and processes to mitigate cybersecurity risk, collaborating with executive leadership to implement an effective risk management program.
• Bridge organizational goals with cyber threat protection in large entities.
• Serve as an intermediary between security and operational teams, advising leaders and offering expertise on compliance, risk assessment, and data loss prevention.
• Maintain compliance of internal IT security controls by meeting internal and external information security requirements, proactively integrating cybersecurity into new technology initiatives from the start.
• Document, investigate, and report cybersecurity compliance issues and / or incidents; work with business leaders to ensure information security risk findings are reviewed and mitigation plans are implemented to resolve issues.
• Research and interpret current and pending governmental laws and regulations, industry standards, and client contracts to advise on compliance requirements and security best practices.
• Identify and implement process improvements to enhance efficiency and productivity.
• Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.
• As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.

Required Qualifications :

• Bachelor’s degree in related field.
• Minimum of 5 years of Cyber security experience with demonstrated ability to understand major cyber frameworks (NIST / ISO).
• Strong capability to understand business structures in the fintech space.
• Certified Information Systems Security Professional (CISSP) or similar certifications preferred.
• Executive presence, and the ability to foster relationship management, negotiate and influence.
• Foundational technical expertise, including both business acumen and strategic thinking, as well as the ability to identify issues and provide innovative problem-solving.
• Proven experience in developing and leading business information security programs.
• Strong understanding of security principles, technologies, and processes.
• Experience with incident response, risk management, and security audits.
• Excellent communication and interpersonal skills.
30+ days ago