The role of Business Information Security Officer (BISO) really shot onto the scene a few years ago. And although many companies are hiring for a BISO right now, there are still a lot of questions about the role.
What, exactly, is the job description of a Business Information Security Officer? What does a BISO do, and how does the role differ from that of a CISO?
We asked U.S. Bank Vice President and BISO Mike Kearn to clear up the confusion by explaining his role. He's on the Advisory Council for SecureWorld Twin Cities, and we interviewed him in downtown Minneapolis.
Watch this 60-second video interview as Kearn explains BISO best practices, or read excerpts below:
[SecureWorld] If you had to describe the BISO role in a couple of sentences, what would you say?
[Mike Kearn] I work with the technology leadership and the business leadership to bake security into their strategic plans. So I'm a liaison back to the greater security organization and the operational teams. I'm there to ensure the directions of our CISO are being followed and adhered to and I'm there to guide, consult, and partner with those leaders.
[SW] To whom do you report?
[Kearn] I report up through the CISO of the organization.
[SW] What are the top keys to success for Business Information Security Officers?
[Kearn] Being able to work with various types of people effectively is critical. Second would be communication skills. I never have the luxury of working with people who understand what I do, so I have to be able to translate that into something that is digestible for them. And you have to be technically competent—and able to translate that.
SecureWorld also recently spoke with U.S. Bank CISO Jason Witty about his role. It is interesting to note that he also ranked communication skills as key for information security leaders.