Company Description
Emirates Investment Bank PJSC (EIBank) is an independent onshore private bank based in Dubai, United Arab Emirates, offering a wide range of banking and investment services to a select group of clients, supporting them through every stage of their wealth journey.
Established in 1976 by prominent UAE business families, EIBank offers bespoke solutions across the full range of wealth management services, from asset management and access to global markets to advisory services.
EIBank is a relationship-driven bank, focused on building long-term partnerships. Our flexible and consultative approach enables us to offer customized products and solutions through innovative advice and services.
EIBank has been listed on the Dubai Financial Market since 2005, and its shareholder base is composed of highly respected UAE business families and private investors from the local community.
Job Purpose
The Business Information Security Officer (BISO) will serve as the primary point of contact between the cybersecurity function and their assigned business unit(s), region, service line, platform(s), and/or corporate function. The BISO is generally responsible for maintaining a strategic relationship with the specific business unit or function that they are aligned to. This is usually done to ensure that cybersecurity is incorporated into the culture of the enterprise/organization/business unit in question.
Key Accountabilities
The Business Information Security Officer will be accountable for the following tasks:
- Act as a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks
- Allocate resources (e.g., security architects, engineers) to achieve outcomes
- Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
- Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
- Work with BUs to align funding requirements with strategic initiatives
- Participate in cybersecurity and business-related councils or working groups as necessary
- Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture
- Develop an understanding of business goals and reframe risk discussions in business terms
- Constructively engage business partners regarding cybersecurity issues
- Establish risk ownership and accountability within the business line
- Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
- Challenge business partners’ assumptions about value drivers and present an alternate perspective
- Reshape business partners’ preconceived notions of success where appropriate
- Investigate security incidents and develop remediation plans in collaboration with CSIRT and/or other stakeholders responsible for incident response
Technical & Business Skills required:
- Experience with risk assessment, incident response, and security audits
- Experience with cloud security and DevOps
- Experience with a wide range of security technologies, including firewalls, intrusion detection systems, access control systems, and encryption
- Experience with security frameworks and methodologies, such as NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 or 27002
- Experience working with business leaders and enterprise projects
Knowledge & Skills required:
- Aptitude for understanding internal organizational environments and their relationship to the external business environment
- Ability to develop a full and deep understanding of the business operations
- Understanding of how business initiatives create value and risk for organizations
- Able to effectively analyze risk within the context of business problems
- Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
- Able to consistently, effectively defend ideas and solutions
- Adept at improving outcomes through proactive team coaching and development
- Demonstrates an ability to construct, challenge, and manage choices
- Strong problem-solving and trouble-shooting skills
- Ability to measure and report on the effectiveness of security programs
- Ability to translate security objectives and policies into specific business practices and procedures
- Ability to align security initiatives with the organization's overall business strategy