job summary:
(Must be able to go onsite in Mount Laurel, NJ two days a week)
Job Title: Business Information Security Officer (BISO) - Technology Risk & Vulnerability Management
Role Summary
We are seeking a dedicated and experienced Business Information Security Officer (BISO) to support cybersecurity alignment and risk mitigation for US-based applications. This role focuses heavily on overseeing "Currency Uplifts"-the critical process of updating applications and their underlying infrastructure away from end-of-support (EOS) tools, infrastructure, and solutions.
The successful candidate will be responsible for validating risk assessments, tracking control exceptions, and ensuring all assets within the portfolio meet established corporate security standards. Acting as a vital bridge, this role provides reporting and visibility to the US Governance, Risk, and Compliance (GR&C) team to proactively identify out-of-compliance assets and drive risk reduction.
Core Responsibilities
Risk Assessment & Validation: Partner with core BISOs, Business Asset Owners (BAOs), and Technology Asset Owners (TAOs) to review, update, and complete Technology Asset Risk Assessments (TARAs) to identify inherent risk, and Control Gap Assessments (CGAs) to evaluate residual risk.
Scope & Compliance Governance: Act as the gatekeeper to ensure all active projects stay strictly within the defined scope of the currency uplift mandate. Track control exceptions and ensure strict alignment with corporate security frameworks.
Cross-Functional Collaboration: Serve as the primary liaison between specialized currency teams and the broader US BISO organization. Participate heavily in weekly alignment meetings, project standups, and stakeholder syncs (occupying approximately 50% of the daily schedule).
Vulnerability Tracking & Reporting: Monitor and track the overall success of currency uplifts against key metrics, specifically focusing on the reduction of asset vulnerabilities, control gaps, and End-of-Life/End-of-Support (EOL/EOS) concerns.
Metrics & Dashboards: Compile and deliver weekly tracker reports identifying work completed, project milestones achieved, and risk escalations or concerns.
Candidate Qualifications
Must-Have Technical Skills (Hard Skills)
Information Security Experience: Minimum of 5 years of dedicated experience in Information Security, IT Risk, or Cyber GRC roles.
First Line of Defense (1LoD): Proven experience operating within a 1B Line of Defense framework, directly managing and mitigating operational tech risk.
Risk Assessment Frameworks: Deep practical knowledge of Risk Technology Frameworks, including the execution of inherent and residual risk methodologies.
Core GRC Tools: Hands-on proficiency with Archer (GRC platform) and ServiceNow for tracking, reporting, and workflow management.
Professional Skills (Soft Skills)
Autonomous Execution: Ability to work independently, take ownership of a portfolio, and drive tasks to completion with minimal supervision.
Advanced Time Management: Highly organized with the ability to balance heavy meeting schedules (~50% of time) with deep-work analytical tracking and reporting.
Communication & Influence: Strong internal stakeholder management skills, with the ability to cleanly communicate risk concepts to both technical (TAOs) and non-technical (BAOs) partners.
Nice-to-Have Qualifications
Industry-standard security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent risk/security training.
Position Context & Logistics
Interaction Landscape: 100% internal stakeholder interaction (No external client-facing responsibilities).
Data Access: This position is purely governance and risk-focused; the contractor will not have access to customer production data.
location: Mount Laurel Township, New Jersey
job type: Contract
salary: $80 - 85 per hour
work hours: 8am to 5pm
education: Bachelors
responsibilities:
Core Responsibilities
- Risk Assessment & Validation: Partner with core BISOs, Business Asset Owners (BAOs), and Technology Asset Owners (TAOs) to review, update, and complete Technology Asset Risk Assessments (TARAs) to identify inherent risk, and Control Gap Assessments (CGAs) to evaluate residual risk.
- Scope & Compliance Governance: Act as the gatekeeper to ensure all active projects stay strictly within the defined scope of the currency uplift mandate. Track control exceptions and ensure strict alignment with corporate security frameworks.
- Cross-Functional Collaboration: Serve as the primary liaison between specialized currency teams and the broader US BISO organization. Participate heavily in weekly alignment meetings, project standups, and stakeholder syncs (occupying approximately 50% of the daily schedule).
- Vulnerability Tracking & Reporting: Monitor and track the overall success of currency uplifts against key metrics, specifically focusing on the reduction of asset vulnerabilities, control gaps, and End-of-Life/End-of-Support (EOL/EOS) concerns.
- Metrics & Dashboards: Compile and deliver weekly tracker reports identifying work completed, project milestones achieved, and risk escalations or concerns.
qualifications:
Candidate Qualifications
Must-Have Technical Skills (Hard Skills)
Information Security Experience: Minimum of 5 years of dedicated experience in Information Security, IT Risk, or Cyber GRC roles.
First Line of Defense (1LoD): Proven experience operating within a 1B Line of Defense framework, directly managing and mitigating operational tech risk.
Risk Assessment Frameworks: Deep practical knowledge of Risk Technology Frameworks, including the execution of inherent and residual risk methodologies.
Core GRC Tools: Hands-on proficiency with Archer (GRC platform) and ServiceNow for tracking, reporting, and workflow management.
Professional Skills (Soft Skills)
Autonomous Execution: Ability to work independently, take ownership of a portfolio, and drive tasks to completion with minimal supervision.
Advanced Time Management: Highly organized with the ability to balance heavy meeting schedules (~50% of time) with deep-work analytical tracking and reporting.
Communication & Influence: Strong internal stakeholder management skills, with the ability to cleanly communicate risk concepts to both technical (TAOs) and non-technical (BAOs) partners.
Nice-to-Have Qualifications
Industry-standard security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent risk/security training.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.
![]()