Business Information Security Officer Europe

JOB DESCRIPTION

ABOUT THE JOB

Were looking for a Business Information Security Officer (BISO) Europe to join our team in London reporting to the Senior Manager Business Information Security Office and Strategy.

As the BISO for Europe youll play a key role as the bridge between our central cybersecurity function and the regional business teams. Youll work closely with regional leadership to understand business goals embed cybersecurity including AIrelated risks into operational strategies and drive alignment between business and security objectives. Youll also lead efforts to identify and assess risks advise on mitigation approaches and foster a strong culture of security awareness across the region.

KEY RESPONSIBILITIES

Business Partnership & Advisory:

• Collaborate with regional business leaders and managers to serve as a trusted advisor on cybersecurity matters including new areas like AI security.

• Develop an understanding of regional team goals and processes to communicate cyber risks in ecommerce retail and wholesale business teams.

• Advise regional management on cybersecurity risk levels posture and the potential impact of threats.

• Support regional leadership by contributing to the costbenefit analysis of information security programs.

• Partner with Privacy team and legal counsel on several due diligence and data related functions.

Risk Management & Governance:

• Support the implementation and management of regional thirdparty risk management activities which includes performing thirdparty risk assessments.

• Experience with PCI compliance. Manage lead and conduct PCI assessment for the different countries in scope partnering with app owners and payment gateway solutions.

• Help build the regional data loss prevention (DLP) program components and understand business impact.

• Advise on the implementation of corporate AI governance and security posture management for AI systems within the region.

• Ensure regional adherence to risk remediation protocols tracking mitigation efforts and exceptions according to established frameworks and standards (NIST CSF CIS etc..

• Help establish a clear path to communicate risk within supported businesses.

Communication & Culture:

• Constructively engage partners regarding cybersecurity issues and requirements. Maintain relationships with respective point of contacts.

• Understand different cultures in the European regions and stay on top of changing and new regulatory requirements.

• Educate regional partners on cybersecurityrelated matters including data and operational risks and best practices to increase awareness and foster a securityconscious culture.

• Participate in relevant cybersecurity and businessrelated councils or working groups.

• Facilitate communication between regional departments and central cybersecurity teams (e.g. security architects engineers).

ABOUT YOU

• Bachelors degree in Information Security Computer Science Engineering or a related field.

• Experience engaging with and influencing multiple management levels regarding business specific Information Security Risk briefing and reporting.

• Experience operating within the European regulatory landscape (e.g. GDPR).

• 6 years of experience in cybersecurity Network/Application security IT risk management or a similar role with demonstrated experience in business partnering or liaison functions.

• Experience with cybersecurity principles risk management frameworks (e.g. NIST CSF CIS v8 PCI etc. and security technologies.

• Familiarity with AI concepts AIspecific security risks and AI governance frameworks (e.g. NIST AI RMF EU AI Act principles). Experience with AI security posture management.

• Relevant certifications (e.g. CISSP CISM CRISC).

LS&Co. is an affirmative action and equal employment opportunity welcome and value people from diverse cultures backgrounds and experiences to make LS&Co. a collective success.

#LIhybrid

LOCATION

FULL TIME/PART TIME

Current LS&Co Employees apply via your Workday account.