Director TTS - Business Information Security Officer (BISO)

Description:

Similar Industry Titles and Key Words: BISO, CISO, Director, risk management, information security

PRIMARY FUNCTION

Serving in a leadership role on the technology and business teams, the BISO is responsible for ensuring that critical business and technology functions align with Target’s information security principles, thereby enabling business and information security integration across the enterprise. The BISO is the key conduit for integration between Information Security and Risk teams and business and technology programs and initiatives.

PRINCIPAL DUTIES AND RESPONSIBILITIES

Provide Strategic Direction:

  • Provide pyramid-specific, potentially transformative and high-impact, strategic direction for business unit information security and compliance needs.
  • Serve as the trusted advisor and most senior information security, risk and compliance leader for the business, demonstrate a strategic understanding of the partner’s business, mission and goals, and support capability evolution in a complex and evolving risk landscape.
  • Align with senior stakeholders at the VP and SVP levels regarding information security and compliance risks to the business pyramid.
  • Inform and influence business pyramid and enterprise strategy planning leaders as appropriate, identifying key issues, tradeoffs, and impacts to planned investments and projects. These projects are typically high-impact, high-profile or high-risk and are very complex, involving many stakeholders and pyramids.
  • Enable alignment of strategic direction across multiple business pyramids, identify potential conflicts, and lead resolution with senior stakeholders.
  • Leverage industry and peer group practices, and lead knowledge sharing events as appropriate.

Ensure Information Security and Compliance:

  • Proactively and collaboratively work with and influence business units to develop and implement procedures that align with defined policies and standards for information security management.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the company’s information security management program in order to produce tangible outcomes.
  • Perform project/program risk assessment and provide risk prioritization, management and guidance.
  • Develop specific security and risk recommendations for improvement and alignment to overall Target and Information Security and Risk goals.
  • Ensure that historic risks are managed, understood and used in future decisions, and maintain flexibility in the team to adapt to evolving risk landscapes.
  • Determine how to achieve information security across fragmented, homegrown or legacy systems.

Build & Maintain Relationships:

  • Engage with and serve as the primary point of contact with business and technology stakeholders for information security, risk and compliance matters.
  • Develop and maintain relationships and partnerships with internal (Target’s Security, business portfolio, and governance teams) and external business partners (government, vendors) to provide appropriate transparency to enterprise risks and discuss transformative and strategic matters.
  • Drive the integration of security initiatives into Business and technology projects/programs, and enable and advocate for initiatives that support the business and technology teams within the Information Security and Risk organization surrounding information security and compliance.
  • Advise information security teams, including CISO/CIO, on industry and internal Target developments in business practice, technology, information security issues and legislation that impact the company’s information security policy.
  • Communicate actively with senior level stakeholders in technology and business on information security and risk across industries, within Target, and each business area.
  • Serve as the trusted advisor to the business on information security, risk and compliance matters.

JOB REQUIREMENTS

Minimum Requirements:

  • BA/BS or equivalent experience
  • 15+ years relevant work experience
  • Exceptional interpersonal, verbal, presentation and written communication skills
  • Broad and deep knowledge of business, technology/IT and information security technologies and approaches

Desired Requirements:

  • 5-7 years direct report leadership experience
  • CISSP, CISM and/or CISA
  • Executive presence and the ability to communicate effectively across all levels of the organization, including the delivery and explanation of complex security-related concepts in clear, concise and understandable terms
  • Hands-on role working directly with business and technology teams to integrate security into current and new capabilities
  • Ability to exert intellectual, emotional and political influence as the situation demands and influence without authority
  • Strong collaboration and experience working in matrixed environments
  • Proactive and responsive with strong leadership skills
  • Critical thinking skills with an inquisitive and questioning nature
  • Ability to think big picture; a “systems thinker.”
  • Must be able to operate at the detail level as well as able to operate effectively with senior leaders
