Business Information Security Officer (BISO) and EIRM Program Manager
Summary:
The Business Information Security Officer (BISO) and EIRM Program Manager acts on behalf of the Chief Information Security Officer (CISO) for a specific line of business or portfolio and is responsible for developing and deploying key EIRM programs designed to effectively manage information risk to MassMutual. The role is accountable and responsible for the following:
- Providing Information Risk understanding and enabling sound decision making through the development and maintenance of a relevant, transparent, proactive and actionable information risk landscape.
- Managing Information Risk by working collaboratively with business partners and MassMutual’s Enterprise Information Risk program to identify, prioritize and mitigate information risks.
- Acting as a trusted advisor to the line of business, adding value to senior leaders as an extended member of their leadership team. Understanding strategic goals and embedding Information Risk management into key decisions and core business processes of the enterprise.
- Acting as a trusted advisor to MassMutual’s Information Risk program by connecting services and control capabilities directly with the line of business. Facilitating the feedback loop for improvement opportunities across all Information Risk programs.
- Acting as a Program Manager for a variety of EIRM Capabilities – Initially for Identity and Access Management and Data Protection supporting both program owners. In this role, the Program Manager will (among other things):
  - Manage development and implementation activities across multiple projects.
  - Drive delivery of quality solutions tied to clearly understood business goals and benefits.
  - Deliver objectives on time, with quality, within scope and budget.
  - Develop, manage, monitor and report on all program tasks, activities, expectations, risks and deliverables.
Key Responsibilities:
- Acting as a Program Manager for a variety of EIRM Programs – Initially Identity and Access Management and Data Protection.
- Providing Information Risk understanding and enabling sound decision making through the development and maintenance of a relevant, transparent, proactive and actionable risk landscape.
- Enabling Information Risk management by working collaboratively with business partners and MassMutual’s Information Risk program to identify, prioritize and mitigate information risks.
- Acting as a trusted advisor to the line of business, adding value to leadership as an extended member of their team. Understanding strategic goals and embedding Information Risk management into the culture of the line of business.
- Acting as a trusted advisor to MassMutual’s Information Risk program by connecting services and control capabilities directly with the line of business. Facilitating the feedback loop for improvement opportunities across all Information Risk programs.
Requirements:
- Minimum of 10 years in information risk, identity and access management or data protection roles.
- Minimum of 5 years in leading and developing programs.
- Demonstrated experience leading teams in a matrixed environment.
- Demonstrated experience in understanding and applying information security concepts.
- Demonstrated ability to build consensus across a variety of key stakeholders as well as business and technology leaders to influence successful outcomes.
- Consistent record of being results oriented with the desire and ability to achieve aggressive goals.
- Process design skills and experience.
- A dedicated commitment to teaching innovation in control design and techniques for effective cyber security management.
- CISSP or suitable security certification that is maintained.
- Must be able to work in the US without sponsorship now and in the future.