Business Information Security Officer

<div class="content-intro"><p><strong><u>Application and Interview Impersonation Notice</u>:&nbsp; </strong>Impersonating another individual when applying for employment, and/or participating in an interview process to assist another individual in obtaining employment, with Precisely Software Incorporated (“Precisely”) is unlawful. &nbsp;If Precisely identifies such fraudulent conduct, then as applicable and to the extent permitted by law, the application will be rejected, an offer (if made) will be rescinded, or the employment will be terminated, and legal action may be taken against the impersonators.</p> <p>Precisely is the leader in data integrity. We empower businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products and strategic services. What does this mean to you? For starters, it means joining a company focused on delivering outstanding innovation and support that helps customers increase revenue, lower costs and reduce risk. In fact, Precisely powers better decisions for more than 12,000 global organizations, including 95 of the Fortune 100. Precisely's 2500 employees are unified by four company core values that are central to who we are and how we operate: Openness, Determination, Individuality, and Collaboration. We are committed to career development for our employees and offer opportunities for growth, learning and building community. With a "work from anywhere" culture, we celebrate diversity in a distributed environment with a presence in 30 countries as well as 20 offices in over 5 continents. Learn more about why it's an exciting time to join Precisely!</p></div><p><strong>This position is 100% remote anywhere in the US</strong></p> <p><strong>Overview: </strong><strong>&nbsp;</strong>Engage is a business unit within Precisely Software Incorporated, which produces a suite of SaaS and on-prem software products that handle personal data. We are looking for a Business Information Security Officer with experience aligning product design and delivery to information security compliance frameworks and privacy regulations. As part of the R&amp;D team, the Business Information Security Officer will manage a team who are responsible for overseeing a range of technical and process security controls. You will operate as one of several business unit and functional Business Information Security Officers and work within the Federated Infosec and Governance architecture under the guidance and governance frameworks of the Precisely Chief Information Security Officer and Chief Privacy Officer. You will be expected to align and maintain controls within the Precisely information security management system. They will ensure compliance to company information security policies and efficacy of standard controls. You will work with the Precisely InfoSec Compliance and Privacy teams as well as Precisely’s external auditors to maintain current and future certification to compliance frameworks and regulations. You will work with internal product management, product development and professional services teams to ensure that team practices are in line with policies and will communicate the security risks to Precisely InfoSec risk boards and management. The role requires a thorough understanding of the technology underpinning the Engage software products, as well as a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and management and governance of Cyber Risk and Cyber Security. Having performed a similar role in a distributed organisation, you will have a strong information security background. <span class="Apple-converted-space">&nbsp;</span></p> <p><strong>What you will do:</strong></p> <p><strong>Information and Cyber Security Strategic Direction:</strong></p> <ul> <li>Align to Precisely&nbsp;Information Security&nbsp;Management System&nbsp;across the&nbsp;Engage&nbsp;business unit&nbsp;that&nbsp;addresses the needs of&nbsp;Engage, staff,&nbsp;partners, customers, and other external stakeholders in&nbsp;line with relevant legislation and industry standards&nbsp;</li> <li>Maintain current SOC&nbsp;1 &amp;&nbsp;2 Type II, HIPAA HITECH&nbsp;and ISO 27001&nbsp;&amp; 27701&nbsp;certification for&nbsp;Engage&nbsp;software products.&nbsp;</li> <li>Maintain documentation&nbsp;and processes&nbsp;necessary to&nbsp;comply with&nbsp;contractual obligations and&nbsp;customer&nbsp;security&nbsp;requirements.&nbsp;</li> <li>Implement&nbsp;additional&nbsp;compliance&nbsp;in coordination with Precisely InfoSec Compliance&nbsp;as needed for each software product.&nbsp;</li> <li>Maintain&nbsp;robust and fit-for-purpose operational procedures.&nbsp;</li> <li>Ensure that the structures and reporting systems are in place to allow the&nbsp;Engage&nbsp;Information Security team to&nbsp;work with the Precisely CISO Office in&nbsp;maintaining&nbsp;the highest standards of quality, legal and regulatory&nbsp;compliance&nbsp;and corporate governance in all areas.&nbsp;</li> <li>Provide advice and direction to the&nbsp;Engage&nbsp;Product Management team, on how software products can&nbsp;comply with&nbsp;regulations.&nbsp;</li> <li>Propose changes to the&nbsp;Engage&nbsp;Information and Cyber Security systems,&nbsp;processes&nbsp;and procedures by continuously analysing and reviewing&nbsp;appropriate&nbsp;security&nbsp;technologies and practices as informed by&nbsp;Precisely standards.&nbsp;</li> </ul> <p><strong>Security Operations:</strong></p> <ul> <li>Ensure that information and Cyber Security risks to&nbsp;Engage&nbsp;are&nbsp;identified&nbsp;and managed appropriately.&nbsp;</li> <li>Use and improve Precisely&nbsp;measures and metrics to support the assessment, reporting and ongoing improvement of the&nbsp;Engage&nbsp;information security posture.&nbsp;</li> <li>Work closely with internal stakeholders to keep abreast of planned changes to technologies, working practices, and business activities that could have an impact on&nbsp;Engage’s&nbsp;Information Security or risk profile.&nbsp;</li> <li>Maintain&nbsp;the Precisely&nbsp;information assurance framework for&nbsp;Engage, enforcing compliance with policies in conjunction with internal audit.&nbsp;</li> <li>Align to Precisely standards and oversee&nbsp;Cloud Governance procedures&nbsp;for all infrastructure running in the cloud.&nbsp;</li> <li>Coordinate quarterly DAST scans, annual&nbsp;internal pen&nbsp;testing&nbsp;and annual third-party penetration testing across all&nbsp;Engage&nbsp;products.&nbsp;</li> <li>Maintain&nbsp;accurate&nbsp;security scorecards across all products. Work with product teams to prioritise work to improve security score. Communicate security risks to&nbsp;Precisely InfoSec Risk Board and&nbsp;senior leadership.&nbsp;</li> <li>Coordinate monthly vulnerability scans for all internal and cloud-hosted infrastructure.&nbsp;</li> <li>Achieve high scores in third party cybersecurity ratings including BitSight to&nbsp;maintain&nbsp;brand reputation&nbsp;for&nbsp;Engage&nbsp;assets.&nbsp;</li> <li>Maintain&nbsp;accurate&nbsp;inventory of open-source&nbsp;component&nbsp;usage across&nbsp;Engage&nbsp;products. Coordinate legal review for use of components that breach policies.&nbsp;</li> <li>Coordinate annual legal review of privacy across&nbsp;Engage&nbsp;products.&nbsp;</li> <li>Ensure all&nbsp;Engage&nbsp;products&nbsp;comply with&nbsp;US cryptography export regulations.&nbsp;</li> <li>Assist&nbsp;investigations into information security breaches&nbsp;under&nbsp;Precisely Incident Response&nbsp;process&nbsp;with Precisely&nbsp;CyberSecurity&nbsp;Operations&nbsp;Center&nbsp;ensuring root-causes of such breaches are understood and addressed.&nbsp;</li> </ul> <p><strong>Presales Subject Matter Expert:</strong></p> <ul> <li>Assist&nbsp;as SME in responding&nbsp;to information security questionnaires during RFP process.&nbsp;</li> <li>Write and&nbsp;maintain&nbsp;technical security whitepapers for&nbsp;Engage&nbsp;software products.&nbsp;</li> </ul> <p><strong>What we are looking for:</strong></p> <p><strong>Experience:</strong></p> <ul> <li>Management of an Information Security&nbsp;Management System&nbsp;in a complex IT organisation encompassing service delivery, application&nbsp;development&nbsp;and IT infrastructure.&nbsp;</li> <li>Completion of Information Security questionnaires as part of RFP responses.&nbsp;</li> <li>Line management of team members.&nbsp;</li> </ul> <p><strong>Knowledge:</strong></p> <ul> <li>An excellent understanding of best practice within Information Security and risk management including standards such as ISO 27001.&nbsp;</li> <li>A&nbsp;strong&nbsp;understanding of&nbsp;one or more areas or&nbsp;legislation and regulations that&nbsp;impact&nbsp;information Security E.g.&nbsp;GDPR, HIPAA,&nbsp;PCIDSS, CCPA.&nbsp;</li> <li>An understanding of current and emerging threats and countermeasures and the&nbsp;product&nbsp;challenges to addressing these threats&nbsp;</li> <li>An understanding of Application Security threats and countermeasures&nbsp;</li> <li>A good practical knowledge of security technologies and wider business solutions including&nbsp;DevOps, Identity and&nbsp;Access&nbsp;Management,&nbsp;penetration testing tools,&nbsp;remote&nbsp;working&nbsp;and cloud technologies.&nbsp;</li> </ul> <p><strong>Skills:</strong></p> <ul> <li>The ability to work within a&nbsp;compliance or&nbsp;regulatory framework and to&nbsp;evidence&nbsp;continuous improvement.&nbsp;</li> <li>Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats.&nbsp;</li> <li>An ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements.&nbsp;</li> <li>The ability to be pragmatic while balancing the needs of the&nbsp;business&nbsp;against security&nbsp;</li> <li>The ability to cut through organisational and political barriers to achieve the overall goal.&nbsp;</li> </ul> <p><strong>&nbsp;Qualifications:&nbsp;</strong></p> <ul> <li>An appropriate degree, equivalent&nbsp;qualification&nbsp;or experience.&nbsp;</li> </ul> <p><strong>&nbsp;Preferred requirements:&nbsp;</strong></p> <ul> <li>One or more of the following qualifications are highly desirable:&nbsp;</li> <li>Certified Information Security Manager (CISM)&nbsp;</li> <li>Certified Information Systems Security Professional (CISSP)&nbsp;</li> <li>Certified Information systems Auditor (CISA)&nbsp;</li> <li>Achieved Senior or Lead level certification in the NCSC’s Certified Cyber Professional scheme in one or more of Security and Information Risk Advisor (SIRA), IA Architect, IA Auditor, IT Security Officer&nbsp;</li> <li>Experience using&nbsp;GRC platforms&nbsp;to define and manage InfoSec policies, prepare for&nbsp;audits&nbsp;and&nbsp;manage risk.&nbsp;</li> <li>Experience of&nbsp;tooling to&nbsp;manage RFP responses.&nbsp;</li> <li>Perform&nbsp;SAST/DAST scans&nbsp;&amp;&nbsp;Pen Test&nbsp;assessments.&nbsp;</li> <li>Experience with&nbsp;automated cloud compliance.&nbsp;</li> </ul> <p>#LI-ZB1</p><div class="content-conclusion"><p>The personal data that you provide as a part of this job application will be handled in accordance with relevant laws. For more information about how Precisely handles the personal data of job applicants, please see the <a href="https://www.precisely.com/legal/precisely-global-applicant-and-candidate-privacy-notice/">Precisely Candidate Privacy Notice</a></p></div>