The Business Information Security Officer (BISO) is a strategic partner to Global Digital Services (GDS) technology leaders in their support and implementation of Liberty Mutual's cybersecurity program. The BISO proactively drives alignment between business unit objectives and the enterprise security strategy. As a business enabler, the BISO ensures business decisions adhere to corporate security policies and are implemented with security top of mind, while being mindful of the practicalities of speed, agility, and business results. Based on SBU strategic security needs, the BISO has strong influence over the delivery and priority of service features and development of new security services or products. With a focus on continuous improvement of the security culture, process, and technology that protect our policyholders and employees, and informed by industry trends, the BISO drives a focus on security for all employees.
About the role:
* Initiates and fosters partnerships with GDS stakeholders, such as IT leadership, Product Owners, and architects to prioritize activities for proactive alignment to appropriate team backlogs; develops relationships that promote trust and increase efficiency and effectiveness of program implementation; balances individual customer needs with business priorities assuring alignment with Global Cybersecurity strategy.
* Participates in GDS program increment planning events and dependency reviews. As a dotted line member of the GDS General Manager's leadership team, influences and cascades a strategic cyber risk management vision to effectively secure the business without slowing company innovation and execution.
* Strongly influences the delivery and priority of service features and development of new security services or products.
* Support the development of risk remediation action plans or exception process as needed.
* Ensures the priority of security work to SBU teams is balanced appropriately amongst other GDS priorities.
* Drives the shared accountability for the delivery and ongoing management of secure applications.
* With other SBU aligned BISOs and CISO, defines and effectively communicates key performance indicators (KPIs), key risk indicators (KRIs) and metrics.
* Stays current with the external threat environment for emerging threats and ensures advisement to relevant stakeholders on the appropriate course of action.
* Commits to continual learning, particularly as it relates to regulatory, technology, and cybersecurity and privacy industry trends, applying knowledge to global strategy and program improvements.
* As applicable, collaborates with local counsel on incident resolution and regulatory compliance matters.
* As needed to support CSOC and/or legal functions pertinent to GDS, assists in the management of security incidents and events to protect IT assets, regulated data, and the company's reputation.
* Advocates for security recommendations for third party risk management with business owners of third-party relationships, such as decision to engage services, necessary remediation, and actions resulting from ongoing monitoring.
* Act as a mentor and an educator to all in regard to cybersecurity concepts, technology, processes and strategy.
* Provide GDS visibility into Security training opportunities, including external conferences, speaking engagements and core curriculum updates.
* Develops and maintains a network of industry contacts; performs or directs research on industry trends, competitors, business and IT products; makes strategic and tactical recommendations.
* Ensure GCS required activity is predictable, consolidated and integrated into GDS Plans.
* Identify opportunities to consolidate/package activity for improved execution and reduced impact to markets and GDS teams.
* Be accountable for GCS risk and compliance remediation activity across GDS, including PCI, FSA, SOC1 and Vulnerability Management activities.
* Provide transparent and clear two-way communication between GCS and GDS.
* Act as a consultant and guide to senior leadership on cybersecurity matters.
* On behalf of the CSOC, engage required GDS teams/resources for LSERT and security incident handling as requested.
* Act as a consultant and guide to senior leadership on all cybersecurity matters including acting as a liaison to the CSOC for all LSERT and security incident handling.
Boston, MA
Liberty Mutual Group, Inc., through its subsidiaries, provides insurance products and services for individuals, families, and businesses. It offers personal insurance for private passenger automobiles, homeowners, and other property and casualty insurance products; life insurance and annuities; term and permanent life insurance products and services; and specialty and commercial insurance products, including casualty, marine, construction, energy, directors and officers, trade credit, professional liability, aviation, property, and crisis management.
The company also provides property and casualty insurance products and services that include business owner’s policy and packages, commercial auto insurance, equipment breakdown insurance, excess liability insurance, general liability insurance, inland marine insurance, property insurance, reinsurance, specialty programs, surety bonds, third-party administration, umbrella insurance, employee benefits, and workers compensation insurance.
It serves agriculture, farm, building maintenance, construction, education, energy, financial services, food and beverage manufacturers, healthcare, hospitality, manufacturing, public entities, printing and publishing, real estate, religious organizations, restaurants, retail, transportation, and wholesale industries. In addition, the company provides risk control and claim services.
It offers its products online and through agents worldwide. Liberty Mutual Group, Inc. was incorporated in 1912 and is based in Boston, Massachusetts with additional offices worldwide. It also has operations in Latin America, Europe, and the Asia Pacific. Liberty Mutual Group, Inc. operates as a subsidiary of LMHC Massachusetts Holdings, Inc.