Assistant Vice President, Business Information Security Officer

Overview

The AVP of Business Information Security Officers (BISO Leader) will serve as a critical bridge between the centralized cybersecurity organization and the business units across the enterprise. This senior leader will oversee a team of BISOs aligned to various lines of business, ensuring that security strategies are tailored, understood, and embedded into business operations. The role requires a seasoned security professional with deep business acumen, excellent stakeholder management skills, a strong understanding of Cyber and IT, and experience operating in a complex, regulated financial environment.

This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

Responsibilities

• Lead and manage the network of Business Information Security Officers (BISOs) across all lines of business
• Act as the primary interface between the CISO organization and business unit leadership and risk teams to ensure alignment on security priorities, risks and compliance
• Develop and drive federated BISO program that empowers decentralized decision-making while maintaining centralized governance and standards
• Translate enterprise security strategy and polices into actionable roadmaps for business units
• Guide BISOs in identifying, assessing, and mitigating information security risks within their respective business areas
• Ensure BISOs support secure product development, technology deployments, and digital transformation initiatives
• Report business unit-specific security postures, risks, and KPIs to executive leadership
• Collaborate with enterprise risk, compliance, legal, audit, and IT teams to support integrated risk management
• Lead regular reviews with business and security stakeholders to track progress, surface issues and escalate risks as needed
• Foster a culture of security awareness, accountability, and partnership throughout the organization
• Perform supervisory/managerial responsibilities
  • Ensure adequate/skilled staffing; select employees
  • Establish performance goals and priorities
  • Prepare, conduct, and review performance appraisals
  • Develop, mentor and counsel staff
  • Provide input and/or prepare budget requirements for Annual Financial Plan (AFP)
  • Ensure section/branch goals and objectives align with division/department strategy
  • Ensure efficiency of operations
• Perform other duties as assigned

Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field or the equivalent combination of education, training, and experience
• 10+ years of experience in information security, IT risk management, or a related field
• Experience in Information Security leadership roles to include delegation, coaching, and mentoring skills and the ability to make sound long and short-term business decisions
• Strong understanding of security frameworks and regulatory requirements in the financial industry
• Mastery of industry standards as shown by certifications: (ISO, NIST, COBIT, COSO, ITIL)
• Advanced knowledge of federal and state laws, rules and regulations governing information security requirements, frameworks, privacy, and data protection (e.g., FFIEC, NCUA, CFPB, GLBA, etc.)
• Experience with transforming Information Security strategies in partnership with the business with ability to effectively apply risk principles to challenging business situations
• Experience with information security concepts, principles, technologies, and methods, and translating best practices in information security to operations in a risk management framework
• Working knowledge of activities within common lines of business (e.g., HR, Finance, Legal, etc.)
• Ability to translate business strategy into information security strategy, programs, and initiatives, then lead the execution of the programs
• Ability to present and facilitate workshops and discussions, and create compelling and engaging presentations to an array of audiences
• Experience in agile methods and ways of working; Six Sigma or process analysis and/or change management strategies in order to influence and assist organizational change initiatives
• Ability to manage multiple, complex priorities and competing agendas
• Ability to interpret and apply policies and regulations across large, complex business lines
• Ability to analyze and interpret business metrics and information security analytics to develop action plans and ensure successful implementation
• Proven experience in a consultative capacity to senior business leaders, shaping strategy, goals and alignment to the enterprise information security program

Desired Qualifications

• Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field or the equivalent combination of education, training, and experience
• Experience in the financial industry preferred with knowledge of industry standards (FFIEC, GLBA, NCUA, PCI DSS)
• Mastery of industry knowledge: CISM, - CISSP, CIPP/US, SSCP Certifications and other security certifications preferred
• Advanced knowledge of the relationships between Security divisions and the BISO model
• Advanced knowledge of Navy Federal's functions, philosophy, operations and organizational objectives and security practices, processes, and interdependencies across NFCU and third parties

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5510 Heritage Oaks Drive, Pensacola, FL 32526 | 141 Security Drive, Winchester, VA 22602

About Us