Finding the best job has never been easier
PNC Security Director - Business Information Officer BISO United States, Ohio 559166677
22.09.2024
Share
As a Security Director - BISO within PNC’s Technology organization, you will be based in Pittsburgh, PA as the preferred location, or Strongsville, OH. The position is primarily based in a PNC location. Responsibilities require time in the office or in the field on a regular basis. Some responsibilities may be performed remotely, at the manager’s discretion.Responsibilities:
1. Stakeholder Engagement:
• Act as the primary point of contact between the business units and the information security team.
• Advises business leaders on risk issues related to information security and recommends actions in support of the divisions wider risk management and compliance programs.
• Translate business requirements into security solutions and policies.
• Provides guidance and advocacy regarding the prioritization of business investments that impact information security.
• Develop an understanding of business goals and reframe risk discussion in business terms.
• Ensures compliance with policies, regulations and information security tools and services.
• Participate in cybersecurity and business-related committees or working groups as necessary.2. Risk Management:
• Identify, assess, and prioritize security risks within business units.
• Develop and implement risk mitigation strategies in collaboration with the business units.
• Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture.
• Inform business partners of the risk implications of critical decision by combining empirical analysis with expert judgment to assess business decisions.
• Challenge business partners’ assumptions about value drivers and present an alternate perspective.
• Reshape business partners’ preconceived notions of success where appropriate.
• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization.3. Security Policy Enforcement:
• Ensure that business units adhere to information security policies, standards, and procedures.
• Collaborate with the information security team to update policies and procedures as needed.4. Security Awareness and Training:
• Promote security awareness and best practices within business units.5. Project Management:
• Oversee and manage security-related projects within business units.
• Ensure that security considerations are integrated into the project lifecycle from initiation to completion.6. Metrics and Reporting:
• Develop and maintain security metrics to measure the effectiveness of the delivery of security capabilities into business initiatives.
• Provide regular reports on the security posture of business units to senior management.Qualifications:
• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. Advanced degree preferred.
• Professional certifications such as CISSP, CISM, CRISC, or similar.
• Minimum of 10-15 years of experience in information security, with at least 3 years in a leadership or management role.
• Strong understanding of information security principles, practices, and frameworks (e.g., NIST, ISO 27001).
• Experience with risk management, incident response, and security compliance.
• Excellent communication and interpersonal skills, with the ability to interact effectively with technical and non-technical stakeholders.
• Strong project management skills, with the ability to manage multiple priorities and deadlines.
• Knowledge of regulatory requirements related to information security and data protection.
• Strategic thinking and problem-solving abilities.
• Ability to influence and drive change within an organization.
• Strong analytical skills and attention to detail.
• Proficiency in security tools and technologies.
• Ability to work independently and as part of a team.
• Is a confident, energetic self-starter, with strong communication skills
• Ability to develop a full and deep understanding of the business operations.
• Understanding of how business initiatives create value and risk for organizations.
• Able to effectively analyze risk within the context of business problems.
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes.
• Able to consistently, effectively defend ideas and solutions.
• Adept at improving outcomes through proactive team coaching and development.
• Strong problem-solving and trouble-shooting skills.
• Has the accessibility and ability to interface with, and build creditability and relationships with all stakeholders.
Job Description
1. Stakeholder Engagement:
• Act as the primary point of contact between the business units and the information security team.
• Advises business leaders on risk issues related to information security and recommends actions in support of the divisions wider risk management and compliance programs.
• Translate business requirements into security solutions and policies.
• Provides guidance and advocacy regarding the prioritization of business investments that impact information security.
• Develop an understanding of business goals and reframe risk discussion in business terms.
• Ensures compliance with policies, regulations and information security tools and services.
• Participate in cybersecurity and business-related committees or working groups as necessary.2. Risk Management:
• Identify, assess, and prioritize security risks within business units.
• Develop and implement risk mitigation strategies in collaboration with the business units.
• Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture.
• Inform business partners of the risk implications of critical decision by combining empirical analysis with expert judgment to assess business decisions.
• Challenge business partners’ assumptions about value drivers and present an alternate perspective.
• Reshape business partners’ preconceived notions of success where appropriate.
• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization.3. Security Policy Enforcement:
• Ensure that business units adhere to information security policies, standards, and procedures.
• Collaborate with the information security team to update policies and procedures as needed.4. Security Awareness and Training:
• Promote security awareness and best practices within business units.5. Project Management:
• Oversee and manage security-related projects within business units.
• Ensure that security considerations are integrated into the project lifecycle from initiation to completion.6. Metrics and Reporting:
• Develop and maintain security metrics to measure the effectiveness of the delivery of security capabilities into business initiatives.
• Provide regular reports on the security posture of business units to senior management.Qualifications:
• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. Advanced degree preferred.
• Professional certifications such as CISSP, CISM, CRISC, or similar.
• Minimum of 10-15 years of experience in information security, with at least 3 years in a leadership or management role.
• Strong understanding of information security principles, practices, and frameworks (e.g., NIST, ISO 27001).
• Experience with risk management, incident response, and security compliance.
• Excellent communication and interpersonal skills, with the ability to interact effectively with technical and non-technical stakeholders.
• Strong project management skills, with the ability to manage multiple priorities and deadlines.
• Knowledge of regulatory requirements related to information security and data protection.
• Strategic thinking and problem-solving abilities.
• Ability to influence and drive change within an organization.
• Strong analytical skills and attention to detail.
• Proficiency in security tools and technologies.
• Ability to work independently and as part of a team.
• Is a confident, energetic self-starter, with strong communication skills
• Ability to develop a full and deep understanding of the business operations.
• Understanding of how business initiatives create value and risk for organizations.
• Able to effectively analyze risk within the context of business problems.
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes.
• Able to consistently, effectively defend ideas and solutions.
• Adept at improving outcomes through proactive team coaching and development.
• Strong problem-solving and trouble-shooting skills.
• Has the accessibility and ability to interface with, and build creditability and relationships with all stakeholders.
Job Description
- Leads the enterprise-wide investigative team in matters of alleged violations of laws and or regulations concerning criminal matters, associated with fraud, computer crimes, intellectual property and other security issues.
- Directs and creates enterprise vision, strategy, policy and process for investigations of suspected criminal activities.
- Leads the collaboration with internal and external partners that may include local, state or federal law enforcement agencies in order to achieve maximum results.
- Balances customer experience with the need to investigate suspected financial crimes across the enterprise by acting as a senior business partner liaison for fraud vision and strategy. .
- Oversees the development of analytical tools to manage common points of compromise testing, valuation and usage identification. Directs the definition of business requirements for new fraud prevention tools and data sources
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:
- Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.
- Live the Values - Role models our values with transparency and courage.
- Enable Change - Takes action to drive change and innovation that will transform our business.
- Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.
- Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.
Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and requiredneeded to be successful in this position.
Analytical Thinking, Consulting, Emerging Technologies, Fraud Detection and Prevention, Operational Risk, Regulatory Environment - Financial ServicesRoles at this level typically require a university / college degree and higher level education such as a Masters degree, PhD, or certifications. Industry -relevant experience is typically 8+ years. At least 5 years of prior management experience is typically required. Proven leadership experience with a large scope of responsibility is required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.No Required Certification(s)No Required License(s)PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives. In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.*For more information, please click on the following links:
California ResidentsRefer to the
These jobs might be a good fit
