Business Information Security Officer - Finance

USD 215,000-290,000 per year
MIDDLE
✅ On-site

Required Skills & Competences

  • Security @ 3
  • Python @ 6
  • SQL @ 6
  • Leadership @ 3
  • Communication @ 3
  • Dashboarding @ 3
  • Reporting @ 3
  • Microsoft 365 @ 3
  • Audit @ 3
  • Compliance @ 3
  • AI @ 3

Details

As a Business Information Security Officer (BISO) for Finance, you will protect the confidentiality, integrity, and availability of the Finance department’s information assets. You will identify and assess security risks and vulnerabilities, enforce security policies and controls, and partner with Finance leadership to ensure a secure posture that supports business needs and critical activities while aligning with the organization’s risk appetite and regulatory obligations.

This role extends beyond a traditional advisory BISO model, with end-to-end ownership of DLP and surveillance controls, including active monitoring, investigation of data events, and escalation of policy violations and high-risk activity within the Finance environment. You will serve as the accountable security control lead for Finance, responsible for ensuring controls are effective today and continuously enhancing and scaling these capabilities as business risk, workflows, and technology evolve. The position requires a leader who can operate strategically with senior stakeholders while driving operational rigor and measurable control effectiveness.

Responsibilities

  • Serve as the Business Information Security Officer (BISO) representative for the Finance organization, aligning information security strategy with business objectives, risk tolerance, and regulatory requirements
  • Partner with Finance leadership to identify, assess, and prioritize information security risks; translate technical findings into clear business impact and actionable mitigation strategies
  • Provide security oversight to ensure secure configuration and governance of collaboration platforms, including Microsoft 365, across single-tenant and multi-tenant environments
  • Advise on secure data sharing practices for highly sensitive financial, regulatory, and strategic data across internal teams and third parties
  • Lead and support risk assessments and security reviews for Finance systems, workflows, and third-party vendors; communicate identified risks, recommended mitigations, or formal risk acceptance requirements to business leadership
  • Oversee and administer Data Loss Prevention (DLP) and surveillance controls, including policy tuning and alert review, to reduce the risk of data exfiltration and policy violations
  • Investigate data events and potential incidents, escalate high-risk findings to appropriate leadership, and drive remediation to closure
  • Review and interpret security monitoring logs, alerts, and metrics to identify trends, emerging risks, and control gaps
  • Collaborate cross-functionally with Security, Technology, Legal & Compliance, Risk and Finance stakeholders to provide cohesive security support to the Finance environment
  • Synthesize complex datasets (e.g., metrics, event trends, audit findings) into actionable insights using Excel, Qlik, or similar dashboarding tools, and present findings in an executive-ready format
  • Create tailored cybersecurity trainings and tabletop sessions for the Finance population
  • Deliver concise, executive-ready reporting and presentations that clearly articulate risk exposure, control effectiveness, and recommended remediation strategies
  • Provide security oversight when introducing new business workflows, including SaaS applications and/or AI tools, ensuring appropriate risk assessment and control implementation prior to deployment

Requirements

  • Experience in information security, technology risk, or cyber risk management, preferably within financial services or other highly regulated environments
  • Strong understanding of Microsoft 365 architecture, including identity and access management, tenant configurations (single and multi-tenant models), and secure collaboration controls
  • Experience implementing or governing secure cloud collaboration environments at scale
  • Hands-on experience with DLP technologies, surveillance programs, data classification frameworks, and secure data handling practices
  • Experience conducting and documenting risk assessments, control testing, and gap analyses
  • Familiarity with security monitoring, log analysis, and incident response processes
  • Demonstrated ability to work across business, technology, and security stakeholders to influence risk-based decisions
  • Strong analytical skills with the ability to synthesize large data sets using Excel, Qlik, or similar reporting tools
  • Excellent written and verbal communication skills, with the ability to present complex risk concepts clearly to senior business leaders
  • Ability to balance multiple projects, prioritize work, and develop and communicate timelines
  • Strong attention to detail and creative problem-solving skills

Preferred Qualifications

  • Professional certifications such as CISSP, CISM, or similar
  • Experience supporting Finance, Treasury, or Regulatory Reporting functions
  • Knowledge of financial regulations impacting data protection and recordkeeping (e.g., SOX, SEC, FINRA, DORA or global equivalents)
  • Background in surveillance monitoring programs or insider threat risk management
  • Advanced systems experience: SQL databases, Python

Benefits

The company offers a comprehensive benefits plan and a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short- and long-term disability benefits, 401(k) with match, life insurance, and various wellness programs. The company does not provide benefits directly to contingent workers/contractors and interns.

Salary

Salary Range: 215,000 - 290,000 USD Annual + Benefits + Bonus