Business Information Security Officer

Job description:

Purpose:

The Business Information Security Officer (BISO) for Operational Technology (OT) and Customer Facing solutions serves as the primary security liaison between the cyber security organization and business units responsible for OT environments and externally delivered solutions. This role owns the security program for these domains, driving secure onboarding of systems and partners, maintaining documentation standards, participating in design and architecture reviews and leading security assessments for both OT networks and customer-facing solutions.

This is a highly cross functional role requiring deep technical security knowledge, strong stakeholder communication skills and an understanding of industrial control systems (ICS), and enterprise solution delivery. The BISO acts as a security strategist ensuring that security is embedded into processes from initial designs through ongoing operations post-delivery.

Reports to: NORAM Chief Information Security Officer (CISO)

Location: Sterling Heights, MI or Montreal, CAN

Department: IT Cyber Security Services

Key Responsibilities: Onboarding & Vendor/System integration

- Leading the security onboarding process for new OT Systems and customer facing solutions, ensuring all assets are assessed, documented and approved before production deployment.

- Define and enforce security requirements, including network segmentation standards, access control models, and identity management policies for OT and customer solution environments.

- Coordinate with procurement, legal and IT teams to ensure that third party vendors meet security baseline requirements through contract review and vendor risk assessments.

Documentation & Standards Management

- Own the security documentation library for OT and customer-facing solution domains including network diagrams, network flows, security control matrices, security plans and backup solutions.

- Develop and maintain security standards and procedures specific to OT environments.

- Ensure documentation remains current through periodic review cycles and is aligned with applicable compliance frameworks.

- Collaborate with engineering, operations and product teams to capture security architecture decisions and maintain accurate as

-built documentation. Design Review & Architecture Participation

- Participate in architecture design review as a security SME. EQUANS is an equal opportunity employer.

- Review proposed OT system architectures, network designs and customer solution designs for security gaps

- providing documented findings and remediation recommendations. Security Review & Risk Assessment

- Lead security reviews for OT network changes, new customer-facing solutions and significant modifications to existing deployments, producing risk assessment reports with prioritized findings.

- Coordinate penetration testing and vulnerability assessments activities scoped to OT and customer solution environments; track findings through remediation.

- Assess and communicate residual risk to business stakeholders and CISO, facilitating informed risk acceptance decisions when appropriate.

- Serve as the security point of contact for customer security questionnaires, audits and third party security assessments related to delivered solutions.

Minimum Qualifications Required Education/Experience

- Minimum of 7+ years in information security with at least 3 years focused on OT/ICS security or customer-facing solution security in a solutions provider, or managed services context.

- Demonstrated experience conducting security design reviews, architecture assessments, and risk analysis for complex networked environments.

- Working knowledge of OT/ICS security standards and frameworks.

- Familiarity with enterprise IT security frameworks

- Experience managing security documentation programs

- Strong understanding of network security principles; segmentation, DMZ design, firewall policy, remote access, identity and access management.

- Excellent verbal and written communication skills; ability to present security risk to both technical and non-technical audiences.

Preferred

- CISSP, CISM, GICSP or equivalent

- Direct experience with DCS, PLCs, historians or industrial IOT networks

- Experience working alongside regulated industries such as energy/utilities or manufacturing.

- Background in solutions delivery or managed security services

- Experience with security tooling relevant to OT and enterprise environments

- Familiarity with secure remote access solution implementations and designs.

Working Environment

The working environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is not exposed to weather conditions. The noise level in the work environment is usually moderate. The position could require some lifting.

"All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status".