The Business Information Security Officer (BISO) is the Cyber Security & Assurance primary point of contact for the assigned region/business unit, driving the creation and supporting the implementation of the Cyber Security program. The BISO is a security leader for their area of responsibility and works closely with the CISO. As a trusted advisor, the BISO will collect business requirements, and will provide advice and oversight to ensure that Information Security policy is complied with for processes and systems.
Combining business acumen with technical knowledge, the BISO assists in improving the information security posture with respect to delivering services and partnering with the regional/business unit leadership. The BISO will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will ensure business compliance with K-C Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve its objectives while not compromising K-C’s security posture.
Specific responsibilities will include:
Develop and maintain in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers and partners
Act as the primary local security contact / adviser for the IT leadership and the IT Business Partners, IT Infrastructure, IT Architecture, HR, Finance, Legal and other local personnel
Partner with local Compliance, Legal, IT resources to achieve effective working relationships that can further the effectiveness of the Security program
Implement the Information Security Policies and Standards across the assigned region / business unit
Communicate, oversee and carry out technical implementations of security solutions required to meet business objectives
Proactively identify noncompliance and areas of potential improvement, and facilitate development and deployment of standard solutions
Engage with clients and customers as needed to help the business achieve its objectives (by representing our security program, supporting internal and external audits, assisting in customer communication of security incidents, etc.)
Participate in region/business unit related conferences, client facing engagement, industry forums to represent the Cyber Security program
Provide regular and timely reporting on the status of cyber security across the region/business unit
Provide escalation path for security issues, incidents and inquiries
Work with Security Incident Response and Crisis Management teams to assist in effectively driving incidents to acceptable resolution; assist with investigations as needed
Provide Cyber Security Guidance across functions and regions.
Drive remediation activities across the Central and South America (LAO) Region for Kimberly-Clark Consumer and Kimberly-Clark Professional (KCP) business, including the Mexican subsidiary K-C de Mexico.
Collaborate with the Cyber Defense Operations and Cyber Security Engineering teams to develop a technical roadmap.
Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
Assist with the implementation and translation of information security policies.
Drive Service Level Management for Cyber Security and Assurance.
Educate Cyber Security Teams around Kimberly-Clark business processes and needs.
Measure control effectiveness and maturity across LAO and Kimberly-Clark’s organizational functions (HR, Finance, Marketing, Legal, etc.).
Bachelor's degree required, preferably in computer science or information systems
10+ years of Information Technology experience, with a background in Security and Compliance
Ability to communicate clearly and effectively with both technology/development and business partners
Strong relationship, team building and facilitation skills
Ability to translate technical/security issues to business users
Ability to independently influence others to achieve objectives
Experience working in a matrix model, as the BISO supports operational and transformational efforts for a given region or organizational function across Kimberly-Clark
Service Level Management experience
Knowledge of and experience with Information Security Risk and Security governance
Strong fluency in English, Spanish and Portuguese (required)
CISSP, CISM or related certification is a strong plus
ITILv3 / ITSM certifications
Kimberly-Clark and its well-known global brands are an indispensable part of life for people in more than 150 countries. Every day, 1.3 billion people - nearly a quarter of the world's population - trust K-C brands and the solutions they provide to enhance their health, hygiene, and well-being. With brands such as Kleenex, Scott, Huggies, Pull-Ups, Kotex, and Depend, Kimberly-Clark holds No. 1 or No. 2 share positions in more than 80 countries. With a 135-year history of innovation, we believe in recruiting the best people and putting them in the right jobs so that they can do their best work. If fresh thinking and a passion to win inspire you, come Unleash Your Power at Kimberly-Clark.
Kimberly-Clark is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or any other characteristic protected by law.
The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.
K-C requires that an employee have authorization to work in the country in which the role is based. In the event an applicant does not have current work authorization, K-C will determine, in its sole discretion, whether to sponsor an individual for work authorization. However, based on immigration requirements, not all roles are suitable for sponsorship. This position is subject to drug and alcohol testing, including pre-employment testing.