Specialist II, Business Information Security Officer (BISO)

Qualifications:

• 3 to 5 years of experience working in risk and compliance management, internal security controls, internal/external security assessment or audit, internal or cyber incident investigations.
• Bachelor's degree preferred in Security or Information Technology.
• Experience in the BPO industry working in quality, security compliance or delivery strongly preferred.
• Deep understanding of BPO Business Operation and CRM services delivery processes.
• Ability to identify performance and opportunity gaps.
• Process driven and an eye for detail
• Demonstrable experience of driving operational implementation of risk reduction initiatives, across business units, using influencing and security skills
• Solid background of key network and technical security controls

BISO Responsibilities:

• Drive the highest Integrity and Ethical standards across the staff and the accounts in scope.
• Provide governance to operations management team and Quality Assurance team for effective and efficient surveillance and monitoring towards pro-active security and business process non-compliance issue identification.
• Collaborate with respective supporting functions/departments (IT, HR, Facility, Legal, DPO, etc.) to address relevant security issues/risks.
• Perform internal audit/assessment on regular basis based on different business process compliance management and risk control mechanisms in different accounts to ensure the full compliance as per relevant standard and identify potential issues/risks.
• Work closely with the operation team to get all identified non-compliance items fixed in a timely manner to drive for closure and proactively propose and deploy extra preventive controls where appropriate.
• Establish and execute a robust methodology for periodic reviews aiming to highlight the gaps that exist in the operational processes.
  • Analyze operational data to identify trends, root causes of business issues, and/or opportunities.
  • Provide recommendations for corrective and preventive actions and suggest improvements to the processes.
  • Review and report the results and present them to management team.
• Ensure partnership with accounts management team for Proactive Compliance Risk Management – identification, assessment, risk action planning, and closures.
• Coordinate and support Global Security Assessments (GSAs) - a holistic assessment (technology, HR, operations, finance, etc.) of risks being faced by delivery operations and No Notice Inspections (NNIs) conducted against the specific accounts in scope.
• Conduct employee awareness and assist in developing training materials and where necessary assist in specific training.

Accountability:

• Primary contact for security matters in country/region as appropriate
• Accountable for local implementation of country specific global security strategies and initiatives
• Delivery of established Global Security metrics as well as all visibility enabling initiatives, country-wide
• Study the contracts signed with Clients, and validate continuous contractual compliance for all controls, both physical and logical.
• Must have strong project leadership experience and ability to work with global, multi-cultural teams and drive to meet stringent deliverable timelines
• Accountable to drive identified account (client) and internal (corporate) risks, in partnership with key stakeholders, through to remediation or risk sign-off
• Plan, participate and execute Global Security Assessments (GSAs) in specific country per GSA Schedule / Calendar identifying both internal & external vulnerabilities
• Lead & Execute in the action planning activity as necessary to close identified vulnerabilities the security and business process compliance in various accounts to meet business and client expectation.

#LATAMCNX