Business Information Security Officer

EMEA
International Operations
Birmingham
Permanent

Eversheds Sutherland are seeking an experienced Business Information Security Officer to join our expanding Cyber Security team. You will be reporting directly to the Chief Information Security Officer.

The Information Security Officer (ISO) will serve as the primary point of contact between the cybersecurity function and their assigned International region. The BISO is generally responsible for maintaining a strategic relationship with the specific business unit or function that they are aligned to. This is usually done to ensure that cybersecurity is incorporated into the culture of the enterprise/organization/business unit in question.

You will have a wonderful opportunity to focus on introducing new and evolving security capabilities and on implementing wide-scale process improvement.

 Key Responsibilities

  • Works with Eversheds Sutherland's business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
    • Business system analysis.
    • Communication, facilitation and consensus building.
  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
  • Reports to Eversheds Sutherland's management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Act as a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks
  • Allocate resources (e.g., security architects, engineers) to achieve outcomes
  • Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
  • Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
  • Work with BUs to align funding requirements with strategic initiatives 
  • Participate in cybersecurity and business-related councils or working groups as necessary
  • Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture
  • Develop an understanding of business goals and reframe risk discussions in business terms
  • Constructively engage business partners regarding cybersecurity issues
  • Establish risk ownership and accountability within the business line
  • Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
  • Challenge stakeholders’ assumptions about value drivers and present an alternate perspective
  • Reshape business stakeholders’ preconceived notions of success where appropriate
  • Manage control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action
  • Assist in the coordination and completion of information security operations documentation
  • Partner effectively to ensure IT response and continuity plans are documented, well communicated and practiced
  • Lead by example by living the values of Eversheds Sutherland

This opportunity is closed to applications.