OneIT - Business Information Security Officer – Corporate
New York City, United States
Full Time Executive-level / Director USD 170K - 280K
Business Information Security Officer – Corporate (L3 Director)
Organization/department: Information Security Office
Reports to: Head of Information Security
Direct reports: Up to 5
Effective date: June 2023
WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.
Position Summary
WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework into both the IT organization and the wider business community. This includes the governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.
The role of Business Information Security Officer – Corporate works directly with WSP’s Global IT organization and with our other Corporate Services such as HR, Finance and Health and Safety. It is a primarily internally facing role, though it may involve some interaction with clients and third parties. The role has a dual reporting relationship to the CISO and to the CIO.
This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.
Responsibilities:
Working directly with business leadership at all levels of the organisation to deliver an effective, world class information security program.
Establish and maintain the Information Security Governance framework, including running the Information Security Committee, coordinating IS risk management and executive reporting, and participating in other forums where information security input and approval is required based on documented policies and processes.
Implementing and operating the ISO 27001-aligned Data and Information Security Management System.
Enhancing the security culture within Global IT and Corporate Services, driving business change initiatives and owning security e-learning.
Developing and maintaining an understanding of IS requirements, including regulatory/legal requirements. Working with key stakeholders, including the Head of Legal and Corporate leads to provide input and security assurance for new bids and acquisitions.
Working with the corporate IT teams and providing security guidance for new IT projects (working with the Security Architect function where needed).
Liaise with the relevant functions – Risk Management, Commercial, HR, Legal, Compliance, Procurement, Facilities / Physical Security - to ensure IS coordination and risk management.
The management and co-ordination of any security incident response.
Provide subject-matter expertise and guidance on any security needs or requirements. Act as an advisor to the Corporate Services leads on all information security related matters.
Work with the CISO and ISO on the Global Information Security Framework; contributing to the development of new processes, identifying and resolving risks and providing regular reports on security matters and metrics.
Leadership and People Responsibilities:
Displays leadership and independence in performing their role, with an ability to make complex decisions with limited input and review from senior staff.
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
Assist in the training and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.
Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.
Capable of rapidly assimilating and internalizing complex business, technology, and risk management concepts and dependencies.
Capable of clearly defining, presenting and selling recommended strategies to senior management teams.
Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.
Accommodation of schedule for international conference calls.
Finance/Budgetary Responsibilities:
Support the CISO in developing the budget projections based on objectives
Requirements:
Required
8+ years related senior level experience in Information Security, IT risk, IT Audit or a similar position involving IT and business change
Graduate of a four-year college or university, preferably with a degree in computer science or information management, or Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA) or Payment Card Industry (PCI)
Working (not necessarily technical) knowledge of security technologies (encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privilege access, etc.)
Working (not necessarily technical) knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, DES, LAN/WAN, and TCP/IP
Knowledge of security best practices (applications, network and client setups)
Experience with IT Governance frameworks such as COBIT, ITIL and ISO 2700x
Experience with governance, compliance and audit within IT environments
Experience of risk management, including risk analysis, mitigation and monitoring
Knowledge of information security regulations applicable to WSP
Preferred
Master's degree in IT, Computer Science, Engineering or related field
WSP Benefits
WSP provides a comprehensive suite of benefits focused on providing health and financial stability throughout the employee’s career. These benefits include coverage related to medical, dental, vision, disability, and life; retirement savings; paid sick leave; paid vacation (or other personal time); paid parental leave; and paid time off for purposes of bereavement, voting, and/or attendance at naturalization proceedings.
Compensation
Expected Salary (all locations): $170,000-$280,000
WSP USA is providing the compensation range that the company in good faith believes it might pay and offer for this position, based on the successful applicant’s education, experience, knowledge, skills, and abilities in addition to internal equity and specific geographic location. WSP USA reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s sex or other status protected by local, state, and/or federal law.
Expected Salary (Colorado only): $170,000-$250,000
WSP USA is providing the compensation range that the company in good faith believes it might pay and/or offer for this position within the state of Colorado, based on the successful applicant’s education, experience, knowledge, skills, and abilities in addition to internal equity and specific geographic location. WSP USA reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s sex or other status protected by local, state, and/or federal law.
About WSP
WSP USA is the U.S. operating company of WSP, one of the world's leading engineering and professional services firms. Dedicated to serving local communities, we are engineers, planners, technical experts, strategic advisors and construction management professionals. WSP USA designs lasting solutions in the buildings, transportation, energy, water and environment markets. With more than 15,000 employees in over 300 offices across the U.S., we partner with our clients to help communities prosper.
WSP provides a flexible and agile workplace model while meeting client needs. Employees are also afforded a comprehensive suite of benefits including medical, dental, vision, disability, life, and retirement savings focused on providing health and financial stability throughout the employee’s career.
At WSP, we want to give our employees the challenges they seek to grow their careers and knowledge base. Your daily contributions to your team will be essential in meeting client objectives, goals and challenges. Are you ready to get started?
WSP USA (and all of its U.S. companies) is an Equal Opportunity Employer Race/Age/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability or Protected Veteran Status.
The selected candidate must be authorized to work in the United States.
NOTICE TO THIRD PARTY AGENCIES:
WSP does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to WSP in the absence of a signed Service Agreement where WSP has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of WSP and WSP will have the right to hire that candidate without reservation – no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.
Tags: Agile Audits CISA CISM CISO CISSP Cloud COBIT Compliance Computer Science Encryption Finance Firewalls Governance Incident response Intrusion prevention ITIL Monitoring Network security PKI Risk analysis Risk assessment Risk management SSH TCP/IP VPN
Perks/benefits: Career development Equity Flex hours Flex vacation Health care Medical leave Parental leave