LOB Business Information Security Analyst

GENERAL FUNCTION:

Sitting within Business Controls and reporting to the Business Information Security Officer (BISO) Manager, the Line of Business Information Security Officer (LOB BISO) provides an additional layer of defense through education and strategic mitigation of information security risk.

The Front Line LOB BISOs bridge the gap between business leaders and Information Security (IS) by providing consultation to business teams on information security matters based on the company's risk tolerance, and information security requirements. Consulting is prioritized daily based on the greatest security concerns and current strategic initiatives. Leveraging information security policies, standards, and procedures, in conjunction with Information Security expertise, the LOB BISO is a critical resource to assist the LOB with removing business process barriers encountered due to Information Security requirements.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Leadership

• Work collaboratively with business leaders, risk partners, and other internal groups leaders to balance risk management with business initiatives, regulations, and customer experience.

• Participate in cross-functional discussions to identify opportunities for process improvement and consistency across lines of business.

• Help develop consistent LOB BISO processes on relevant information security risks, contribute to the development of risk-reducing measures, and support IS policies and strategic initiatives.

• Facilitate issue research and root cause analysis with LOB partners to determine resolution to issues or present potential solutions to BISO manager.

• Participate in Information Security related councils and working groups, as appropriate.

Advise and Consult LOB on Information Security Risks

• Promote Security Awareness communications / activities and educate LOB as appropriate.

• Provide guidance to comply with IS requirements and navigate resulting business process challenges.

• Assist with business process challenges related to IS requirements such as providing guidance on approved methods to share confidential and restricted data externally.

• Approval decisions on high risk IS processes such as elevated access (all Data Loss Prevention (DLP) entitlements) requests based on business justifications.

Liaison Between LOB and IS for Security-Related Processes, Initiatives, and Communications

• Point of contact for information security concerns / risks within LOBs such as insider threat.

• Identify LOB representative(s) to provide business process impact with existing and future IS policies, standards, and strategic projects.

• Provide input on IS process changes with end user impact and Enterprise-wide communications prior to implementation / distribution.

• Partner with IS Information Protection on enterprise data protection strategies.

• Reinforce bank-wide communication for IS policies / requirements changes.

• Identify opportunities for Security Awareness training and education.

Key Risk Indicator (KRI) Monitoring, Review, and Reporting

• Report KRI results, perform trend analysis, and share opportunities for improvement with LOB leaders.

• Drive Phishing and Data Loss Prevention (DLP) incident awareness and accountability in LOBs.

• Provide input to IS-related KRIs / metrics that are geared towards the LOBs.

MINIMUM KNOWLEDGE, SKILLS & ABILITIES REQUIRED:

• Bachelor's Degree or equivalent experience

• Two to five years' experience, combination business and information security experience

• Familiarity with Information Security concepts and best practices

• Business Controls, Education, or Consulting experience is preferred

• Banking industry knowledge or experience preferred

• Fifth Third Lines(s) of Business or experience preferred

• Project management experience preferred

PERSONAL ATTRIBUTES DESIRED:

• Demonstrate the ability to support the strategic direction of LOB BISO program to focus on activities that add the most value to LOBs

• Demonstrate the ability to advocate and socialize the LOB BISO program strategy with all stakeholders

• Analytical aptitude with an emphasis on investigative methodical critical questioning and logical thinking

• Ability to interpret and apply policies and regulations across a large, complex business

• Ability to identify and mitigate information security risks within business processes

• Ability to manage multiple complex priorities while remaining flexible when priorities shift as the LOB BISO program matures

• High level of interpersonal skills with ability to interact with employees and leaders at multiple levels and be a positive influence during LOB BISO team and stakeholder interactions

• Available 24/7 for information security incident / issue analysis and resolution