SantaClaraRecruiter Since 2001
the smart solution for Santa Clara jobs

Business Information Security Officer (BISO) - Santa Clara

Company: Abbott
Location: Santa Clara
Posted on: November 19, 2021

Job Description:

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals, and branded generic medicines. Our 109,000 colleagues serve people in more than 160 countries.

Our location in Santa Clara, CA currently has an opportunity for a Business Information Security Officer (BISO).

WHAT YOU’LL DO

Abbott continues to invest in cybersecurity capabilities to protect Abbott operations and data from cyber-attacks. These protections rely on engagement across our business and corporate divisions; therefore, we have created a new role called the Business Information Security Officer (BISO) that will work with technology and business leadership to adopt cybersecurity controls that protect their customer, business data, and critical operations. Reporting through the Enterprise Cybersecurity group, the BISO will be aligned by business/corporate division. The BISO is the primary Cyber-point of contact for the assigned division and supports the implementation of the Cybersecurity program. This person will be a cybersecurity subject matter expert dedicated to supporting the division in making risk-informed decisions based on the evolving cyber threat landscape, regulatory requirements and Abbott policy. Similarly, the BISO will provide divisional insight to the Enterprise Cybersecurity organization to make business-informed decisions on enterprise policy and controls.

Core Job Responsibilities:

Enable security by design

* Participate in key initiatives and projects to ensure that cybersecurity controls are accounted for early within the project and software development lifecycles. Work with the division and provide guidance that Information Security policy is complied with for processes, systems and strategic initiatives. Onboard technologies & platforms with minimum enterprise security controls.
* Provide cybersecurity expertise and strategic thought leadership, balanced with an understanding of the Division’s priorities.
* Incorporate guidance from regional security team on impact of regional Cyber laws and mandates on enterprise security roadmaps. Partner with regional security team to maintain divisional compliance with regional cyber laws and regional audits.
* Promote compliance with IT Security policy and guide the Division to BTS shared services as the solution of choice (e.g., Cloud hosting, Identity & Access Management, SSO authentication, Web design & hosting). Should those solutions not meet their needs, assist the Division in selecting a third-party solution that also complies with IT security policy.
* Engage Enterprise Cybersecurity teams where additional subject matter expertise is needed in support of Divisional priorities.

Enable risk-informed decisions

* Conduct Business Impact Assessments for new enterprise controls and facilitate the submission and approval of business-necessary exceptions to those controls both prior to deployment and ongoing.
* Work with the Division to identify remediation roadmaps for enterprise control exceptions and track and report progress on those roadmaps.
* Work with the Division & regional cyber group to define control enhancement roadmaps for unstructured and structured systems storing highly restricted and restricted data (including privacy) as identified in the Data Loss Protection Program.
* Ensure that Cybersecurity Risk Assessments are conducted on all third-party suppliers and/or its subcontractors managing or processing personal or privacy information on behalf of Abbott and provide escalation for high-risk issues arising from those assessments. Partner with Regional Cyber office to ensure Risk assessments are conducted in all regions that division has a presence in.
* Over time, work with the Division to identify business-critical suppliers that might also require a Cybersecurity Risk Assessment (e.g., due to supply chain criticality, failure by the supplier to provide services would put Abbott at risk).
* Work with the Division to ensure Cybersecurity Risk Assessments are conducted on high-risk business applications, including & not limited to SaaS, Web applications (including eCommerce & Customer Relation Management). Provide escalation for high-risk issues arising from those assessments. Ensure remediation plans are tracked to completion.
* Work with Division on a timely mitigation plan for critical and high-risk vulnerabilities.
* Provide regular and timely reporting on Cybersecurity Issues and Exceptions to Division Leadership with context to how those translate as risk to the business.
* Over time, define other reporting and metrics that will be meaningful to the business and enable the Enterprise Cybersecurity to provide an Enterprise Risk view of Cybersecurity.
* Facilitate Divisional Steering Committees for Enterprise Cybersecurity programs with appropriate business/corporate division leadership (currently Data Loss Protection and Manufacturing Cybersecurity).
* Over time, consolidate into a single Divisional Cybersecurity Risk Steering Committee (potential to combine with Product Cybersecurity).

Support annual planning

* Serve as a liaison between Enterprise Cybersecurity and the IT Division leadership during annual planning and strategic roadmap exercises to ensure Cybersecurity initiatives and issue remediation work is included in planning processes for funding and resource capacity, as needed.
* Partner with IS, HR, Privacy, Legal and Regional Cyber teams to further the effectiveness of the Security program through effective partnerships.

Support Enterprise-wide Cybersecurity Maturity

* Provide support to the Division IT and Operations in establishing their Manufacturing Cybersecurity roadmaps at Wave 1 and 2 sites and guide them in leveraging BTS shared services to achieve control compliance. Create regular and timely reporting of progress.
* Coordinate response to Urgent-Critical vulnerabilities on non-integrated networks (including but not limited to ARDx, Verpoharm, Glomed, CFR, etc.). Perform current-state analysis that includes vulnerability posture, control adoption and remediation status of critical and high risks and exceptions.
* Coordinate response to Urgent-Critical vulnerabilities on divisionally managed IT and equipment, including gathering current-state vulnerability posture and remediation status. Provide information to Enterprise Cybersecurity Operations as requested.
* Participate in Cybersecurity & Privacy Incident Response Team (CP IRT) events where divisional support is required. Provide information to Enterprise Cybersecurity Operations as requested.

EXPERIENCE YOU’LL BRING:

* 10+ years of Information Technology roles with experience & understanding of Cyber (or IT) Risk Management practices.
* Broad security knowledge. Current understanding of Industry trends and emerging threats; and knowledge of incident response methodologies and technologies.
* Experience in the design, development, implementation, and operational support of business-critical solutions in large scale environments and organizations.
* Ability to translate technical/security issues to business users.
* Executive presence. Excellent verbal and written communication skills. Ability to communicate to a wide range of audiences incl. executives, business stakeholders and IT team members.
* Strong relationship, team building and facilitation skills.
* Experience in delivering projects leveraging global teams with matrix resources. Ability to influence others to achieve objectives.
* Project management/Implementation experience involving budget & resource management.
* High degree of initiative, dependability, and ability to work with little supervision.

Preferred but not necessary skills:

* Cyber security risk management experience. Experience with security practices such as security incident response and risk management.
* Working knowledge of frameworks, such as ISO 27001 and NIST.
* Pharma/Healthcare/Life Science/Finance background is preferred.

WHAT WE OFFER:

At Abbott, you can have a good job that can grow into a great career. We offer:

* Training and career development, with onboarding programs for new employees and tuition assistance
* Financial security through competitive compensation, incentives and retirement plans
* Health care and well-being programs including medical, dental, vision, wellness and occupational health programs
* Paid time off
* 401(k) retirement savings with a generous company match
* The stability of a company with a record of strong financial performance and history of being actively involved in local communities

Learn more about our benefits that add real value to your life to help you live fully: []

Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at [], on Facebook at [] and on Twitter @AbbottNews and @AbbottGlobal.

by Jobble

Keywords: Abbott, Santa Clara, Business Information Security Officer (BISO) - Santa Clara, Accounting, Auditing, Santa Clara, California
