The Business Information Security Officer (BISO) is the senior information security partner within the R&D business function for all services and core solutions, responsible for prioritizing security risks across the lines of business (BUs) and technology, and for representing the CISO in functional security matters.
The BISO is the focal point for working with business IT (BTO) to understand the security requirements and implications of business IT efforts, and interacts with the AbbVie Information Security and Risk Management (ISRM) team as needed. This is a senior-level individual contributor role.
- Ensure coordination of activities between the R&D IT Leadership Team and the ISRM team.
- Ensure the implementation of ISRM, data protection and privacy standards across the business. Manage the security processes and ensure effective guidance in accordance with ISRM policies and procedures.
- Work with functional IT teams to develop mitigations for system security threats and risks.
- Serve as a cyber security subject matter expert (SME), coordinating and providing multi-disciplinary knowledge, skills, and experience in security architecture and security management roles and responsibilities.
- Define, develop, and present critical risk KPIs to business leadership.
- Provide consulting services on current and upcoming projects covering all levels of IT security architecture.
- Review vulnerability and patching analysis reports and manage resolution activities on behalf of business IT to assess risk level and prioritize action.
- Respond to customer queries in support of the business programs and projects.
- Manage and respond to Data Privacy and InfoSec support requests from across the business in coordination with the CISO.
- Provide advice and guidance to management and customers.
- Participate with the Business Relationship Management (BRM) team and Security Working Group supporting the customers.
- Bachelor's degree and minimum 12 years of experience in Information Security, Information Assurance and/or Cyber Security space. Additional relevant experience and professional certifications will be considered in lieu of a degree.
- Experience in the information security field designing and implementing enterprise security solutions in a global context.
- Deep and broad understanding of security, encompassing endpoint technologies, applications, application hosting, and physical and virtual data center hosting.
- Knowledge of information security management frameworks, e.g., ISO 27001 or NIST CSF.
- Experience with security practices such as security incident response and risk management.
- Experience in the design, development, implementation, and operational support of mission critical solutions in large scale environments and organizations.
- Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
- Experience in leading projects leveraging global teams with highly matrixed resources.
- Must be a critical thinker with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements.
- Experience with contract and vendor negotiations.
- High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability, and ability to work with little supervision.
- Ability to think at the systems/architecture level, i.e., how all the parts of the solution fit together, not just design at the element level.
- Proven ability in security process and organizational design; current understanding of industry trends and emerging threats; and knowledge of incident response methodologies and technologies.
- Advanced degree in applicable field.
- Technical writing: comfortable writing reports for senior management.
- 8+ years of IT security experience working in an infrastructure or security architecture environment.
- Cyber security risk management experience, e.g., conducting assessments, identifying risks, and recommending solutions.
Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8-hour day)
Travel: Yes, 10% of the time
Job Type: Experienced