Omnicell, Inc.
Sr. Manager of Business Information Security Officers Dallas, TX, United States
Omnicell, Inc., Dallas, Texas, United States, 75215
The Business Information Security Officer (BISO) is responsible for partnering between the Omnicell Information Security Team and their line of business constituency, helping the business and critical functions understand and implement security policies, risk assessment, training awareness, and additional processes which support the security by design of solutions across the enterprise. The Sr. Manager is responsible for leading and managing resources within the security team. This role is responsible for building out the BISO team to serve as trusted advisors, skilled communicators, and security advocates. Additionally, the Sr. Manager will work hand in hand with business leaders and key functional stakeholders in building out a robust and resilient security posture.
The BISO participates in information security governance processes as a member of the company’s Information Security committee and by providing business subject matter expertise in the development of new policies or revision to existing policies. They are also responsible for conducting risk assessments and communicating security policies in driving business unit awareness and compliance and monitoring their adoption across the business.
Responsibilities:
Champion Security within the Business: Drive the adoption of cybersecurity controls across business units through clear communication, education, and stakeholder engagement. Advocate for and communicate the impact of security policies and changes to business leaders.
Strategic Alignment: Align information security priorities and initiatives with the overall business strategy and roadmap.
Security by Design: Partner closely with product and engineering teams to embed security principles into the design and development of new features and products.
Risk Management & Compliance: Support the Information Technology Risk Program by collaborating with business units to document and address exceptions to security policies.
Risk Assessment: Advise business unit management on information security risks and recommend appropriate mitigation strategies aligned with company policies and regulatory requirements.
Vulnerability & Threat Management: Drive the remediation or mitigation of vulnerabilities, security audit findings, penetration test results, and other identified security risks.
Performance & Reporting: Define, track, and report key performance indicators (KPIs) and metrics related to information security relevant to the business for both technical and non-technical audiences.
Team Leadership & Development: Oversee the day-to-day management of a geographically dispersed team. Foster a high-performing team environment by providing guidance, mentorship, and career development opportunities.
Security Awareness & Culture: Contribute to and lead company-wide security awareness initiatives and materials. Cultivate a strong security culture across the organization by fostering a "security advocate" mindset.
Emerging Technology & Incident Response: Proactively communicate and plan for the adoption of emerging technologies within the context of information security. Participate in and support cyber security incident response activities as needed.
Required Skills and Knowledge:
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Knowledge of security and control frameworks, such as NIST, ISO, HITRUST, and HIPAA Security with applicable knowledge of best practices.
Expertise in Cloud Computing Security.
Healthcare, Pharmacy or Medical Device Experience
Demonstrable experience with understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
Demonstrable experience with the ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach mutually beneficial outcomes.
Ability to demonstrate strong risk management, risk assessment and remediation skills.
Demonstrate the management of remote teams.
Excellent communication skills and the ability to translate highly complex technical concepts and processes to the language of the business.
Previous experience with completing and executing governance, risk and compliance security questionnaires.
Experience in demonstrating collaboration with Incident Response activities in an organization.
Basic Qualifications:
Bachelor’s Degree plus 8 years’ Information Technology experience OR
HS Diploma/GED plus 10 years’ Information Technology experience.
7 years’ management experience in IT-related applications, processes, and procedures.
Proven experience partnering with an engineering, product and manufacturing (Operational Technology) team to bring about a security first mindset.
Preferred:
Security Certifications: CISSP, CISA, CRISC or CISM
Technical Certifications: AWS Security Specialist
Work Conditions:
Hybrid (Dallas) / Office Environment
Flexibility to be available outside of regular business hours/weekends to support critical security incidents / events.
Occasional travel up to once per quarter.