Granicus is looking for a Business Information Security Officer (BISO) for the Australia/New Zealand (ANZ) region. Granicus is the largest cloud solutions provider for government and provides technology that empowers government organisations to create better lives for the people they serve.
The ANZ BISO will be responsible for guiding all security-related efforts in the regions, acting as the head of Information Security for all local business units. This role will work closely with regional technology and business leaders to adopt and implement the security program, as well as with our broader Information Security team and leadership to make business-informed decisions on risk, policies, and security controls. The BISO is a trusted advisor to and functionally part of the local leadership team; as such, the ideal candidate is a cyber security expert who takes a pragmatic, risk-based approach to their work, with the ability to move seamlessly between executive-level, strategic conversations and more tactical governance and execution of security-related efforts.
The BISO must be collaborative in nature, acting as a true enabler of the business and partner to local leaders and teams, driving security outcomes through influence, and being able to think critically about corporate strategy and risk landscape, translating it into clear, specific objectives for business units.
What You'll Do:
- Provide strategic consultation and thought leadership to in-region business and technology leadership regarding information security requirements and risks, and assist with prioritisation and investment decisions based on corporate strategy.
- Maintain and provide reporting on business unit security issues, projects, and metrics on a regular cadence, aligned with enterprise cadence and processes.
- Establish and facilitate relevant reporting and governance forums (e.g., steering and risk committees) to provide robust security and risk updates to local leadership.
- Lead all security and privacy efforts, including audits, required to maintain compliance with relevant standards and regulations (e.g., ISO 27001, PCI); drive and govern any mitigation work related to findings. Stay ahead of emerging regulations and requirements and ensure they are included in corporate roadmaps.
- Support local customer facing teams as necessary, including answering ad-hoc questions, completing questionnaires, and joining customer calls.
- Be the accountable point of contact for any security escalations across the region and manage/report on any resulting work efforts through completion, partnering and escalating as necessary (e.g., incident response, critical vulnerability patching).
- Act as a force multiplier for in-region implementation of enterprise security efforts by working with local teams to enable progress (e.g., engaging appropriate personnel, influencing priority and investment, ensuring completion of projects, escalating as necessary).
Who You Are:
- Bachelor's and/or Master's degree in Computer Science, Information Technology, or related field.
- 10+ years of Information Security and Information Technology experience.
- 5+ years leading Information Security functions, with demonstrated results through influence.
- Broad knowledge across all relevant facets of a holistic, modern security program, including strong understanding of current and emerging trends and threats.
- Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables.
- Demonstrated experience with Risk Management practices, including effectively applying risk principles to business scenarios.
- Demonstrated experience with security and privacy assessments, including interaction with auditors.
- Strong understanding of common security and privacy frameworks and regulations (NIST 800-53, GDPR).
- Strong technical aptitude (with hands-on experience preferred), including ability to understand technical constructs, extrapolate relevant risk, and formulate tradeoffs; ability to quickly ramp up on technical topics to provide relevant input.
- Excellent executive presentation and communication skills.
- Ability to lead through influence, including at executive levels.