Lead - Business Information Security Officer



At the leading edge of driving innovative technologies and responsible operations across the world. Drawing on over 150 years of experience, we are leading the way in safety, efficiency, reliability, innovation, and productivity.   


Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at: http://www.WabtecCorp.com.

It’s not just about your career or your job title; it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters and do things that haven’t been done to make your life and someone else's better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.


The Enterprise Information Security team is looking for a highly motivated Lead Business Information Security Officer (BISO) who will serve as the primary point of contact between the cybersecurity function and their assigned business unit(s), region, service line, platform(s), and/or corporate function. The BISO is generally responsible for maintaining a strategic relationship with the specific business unit or function that they are aligned to. This is usually done to ensure that cybersecurity is incorporated into the culture of the enterprise/organization/business unit in question.

A good BISO manages the business and security experience, both internally and externally. Within the organization, the BISO serves as a first point of escalation for commonplace cybersecurity concerns. Externally, the BISO sees to it that partners and other third parties enjoy working with the security team, and that third parties do not report meeting unfriendly, unhelpful or incomprehensible employees. In essence, a BISO provides ‘white glove service’ and ensures that everyone has a positive experience while working to address security concerns.

Duties and Responsibilities:

  • Ask the right questions.  A BISO must be naturally curious and even a little suspicious of everything at face value, and get below the surface to a problem or request.
  • Be an information broker. Adopt a researcher's mindset, particularly when resolving problems. I hoard references, working notes, and lessons learned, and make a habit of sharing those with others when it's appropriate and most relevant. You don't have to have all the answers, but you do need to know where to find them, and who should be looped into a problem to best resolve it. Sometimes asking for help and bringing in other expertise is the answer, too!
  • Be biased towards action ("Audentes Fortuna Juvat"). This Latin phrase is popular amongst military units, and translates to "Fortune Favors the Bold." BISOs are delegated authority by senior management for a reason -- their expertise and judgment are depended upon to support risk decisions. Make sure I can justify my actions and back up my decision-making with authoritative references.
  • Seek harmony in conflict! If there's any constant for leaders, it's having your decisions challenged. BISOs need conflict resolution skills, and the ability to seek unemotional resolutions to challenges that find consensus and bring people to the table to find common ground. There may be times where the right answer for security doesn't mean the right answer for the business as a whole... or vice versa (and most conflict erupts when security MUST override business desire, such as when legal and regulatory compliance are in question).
  • Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, consumers, and data.
  • Serve as the main contact or adviser for local security as part of IT security role and the IT business partners, infrastructure and architecture as well as finance, HR, legal, and other staff.
  • Acts as a partner with the legal, compliance, and IT resources to establish an effective working relationship that enhances the security program effectiveness.
  • Implementation of the information security policies and procedures across all assigned regions or units.
  • Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
  • Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the Enterprise Information Security Team
  • Work with BUs to align funding requirements with strategic initiatives 
  • Participate in cybersecurity and business-related councils or working groups as necessary
  • Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture
  • Develop an understanding of business goals and reframe risk discussions in business terms
  • Constructively engage business partners regarding cybersecurity issues
  • Establish risk ownership and accountability within the business line
  • Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
  • Oversee, communicate, and carry out the technical implementation of the security solutions required to meet the objectives of the business.
  • Identify and take action on all non-compliance areas for improvement, and facilitate the development and deployment of the solutions.
  • Actively engage with customers and clients to help the company achieve its objectives by representing the security program, supporting external and internal audits, and serving as a main contact for communication in the case of a security incident.
  • Participating in company/region/unit related meetings and conferences, customer-facing engagement, and industry forums associated as part of the cybersecurity program.
  • Offer reporting on a regular basis on cybersecurity status across the company/region/unit of responsibility.
  • Act as the main contact for escalation of inquiries and security issues.
  • Coordinate with Crisis Management and Security Incident Response teams to help drive resolutions for incidents and assist with investigations.
  • Offer guidance for cybersecurity across regions and functions.
  • Act as a driver for remediation activities across the region/unit.
  • Develop a technical roadmap in collaboration with Cyber Security Engineering and Cyber Defense Operations teams.
  • Work with Information Risk Management and Compliance team for policy development and regulatory compliance.
  • Help to translate and implement information security policies.
  • Act to coordinate Service Level Management for cybersecurity and assurance.

Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

  • BA/BS in a business or technology related field. MBAs are an added benefit, but not required.
  • 5+-8+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
  • Experience in working with and preferably leading a global, cross functional team.
  • Experience as a people leader
  • Periodic travel up to 25% to Regional Wabtec facilities
  • Preferred but not required:  CISSP or CISM.

Knowledge, Skills and Abilities:

  • Work ethic: sense of ownership, ready to work on unattractive tasks/projects for the benefit of the company
  • Resilience: not to be put down by failure / obstacles / rejection
  • Willingness to invest time and effort into building long term relationships with stakeholders in IT services
  • Critical thinking: looking for improvements, not accepting the way things are done for granted
  • Ability to plan activities for oneself and others, understand dependencies between own work product and inputs to others 
  • Analytical ability to dissect a problem and find a root cause
  • Be highly empathic and passionate about creating successful teams and high trust environments.
  • Be experienced in doing this remotely, as our teams are globally distributed.
  • Be driven towards automating repetitive tasks for project teams, project management and scrum domains.

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

  • Some lifting (up to 30 lbs.). 
  • Long hours on computer keyboard.
  • Prolonged periods of standing and/or walking. 

Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)

  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment.

Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.


Tags: Audits CISM CISSP Compliance Cyber defense Finance Governance Incident response Risk management Scrum

Perks/benefits: Career development Conferences Team events

Region: Asia/Pacific
Country: India
Category: Leadership Jobs
