Job Description· Client Information Protection (CIP) is seeking an experienced Information Security professional for the role of Business Information Security Officer (BISO) supporting the client pharmacy cyber-security landscape. · Serve as a trusted advisor with Pharmacy /PBM leadership.· Act as a liaison to ensure cybersecurity practices are built into initiatives for the entire lifecycle.· Leverage Shared Service Integrated Cyber Risk Management Framework to help the business effectively manage business risk.· Work closely with business leadership to instill cybersecurity policies and practices to address security operations, incident response, application security and infrastructure.· Be actively informed and engaged in security projects across the business ensuring projects are focused on cybersecurity from the beginning.· Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure, and applications.· Enforce the strong security culture set forth by the CISO.· Openly support the CISO, management team and executive leadership, even during tumultuous times.· Foster strong relationships with the business area and excel in cybersecurity communication.· Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business unit.· Identify and document threats and vulnerabilities that may impact the business and address them regularly through various touchpoints and forums.· Proactively document and track security risks, remediation plans, exceptions, and control deficiencies· In conjunction with CIP and Pharmacy leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to in terms that are accessible and comprehensible.· Provide motivation to adopt cybersecurity controls.· Stay abreast of new laws, regulations, and standards, and assess their impact to the business.· Perform other duties as assigned.Skills· Minimum of 5 years of information security or related risk management experience· Experience with and knowledge of a broad range of security topics covering industrial controls systems, operational technology, information protection, application and infrastructure security, vulnerability management, and incident response.· Knowledge of industry standards and frameworks (NIST, SOC1, SOC2, HIPAA, PCI, etc.)· Proven track record of successfully influencing and leading peer and matrix teams where no direct reporting relationship exists.· Strong leadership qualities and business acumen to engage with all levels of the organization.· Ability to understand business ecosystem and define a related threat landscape.· Ability to translate information security and technical controls into business terms that are easily understood.· Excellent verbal, written, and presentation skills.· Ability to work a flexible schedule to accommodate project deadlines.· Strong collaboration skills Education: · Bachelor’s degree in related field or equivalent experience· CISSP or other security related certification preferred (CISM / CRISC)