Business Information Security Officer

Role

The Business Information Security Officer (BISO) acts as the primary link between a Line of Business and the CMA CGM Group Cybersecurity function. The BISO ensures business plans align with cybersecurity requirements, representing both cybersecurity interests to the business and business needs within cybersecurity. This role is pivotal for bridging business and cybersecurity, ensuring strategic alignment, risk management, and fostering a culture of security awareness across the organization.

Responsibilities

Business Engagement

• Build strong relationships with business stakeholders
• Provide clear cybersecurity overviews and insights
• Support leadership with business‑specific cybersecurity insights
• Promote awareness of new regulations and compliance requirements
• Collaborate with regional CISOs for local needs

Asset and Risk Management

• Identify and maintain lists of critical business assets
• Provide clear business strategy, overviews and insight to Cybersecurity
• Share strategic risks and opportunities with executives
• Support risk‑based decision‑making for programs and budgets

Project and Incident Management

• Ensure cybersecurity is properly integrated into business projects
• Escalate and help resolve issues
• Assist with security questionnaires and contract security clauses
• Liaise between CERT and Business during incidents
• Drive adoption of new security capabilities

Awareness and Education

• Promote security awareness and training
• Identify high‑risk populations and report progress
• Use relevant security news to reinforce awareness
• Attend external events for industry insights

Collaboration and Communication

• Always push for a simplify & efficiency approach towards business
• Work with other BISOs to share best practices
• Act as escalation point between Business and Cybersecurity
• Foster a strong cybersecurity culture

Qualifications

• Bachelor or Master in IT, Computer Science, or related field
• Technical/business dual background and security certifications are assets
• Broad cybersecurity knowledge and regulatory frameworks familiarity
• Proven experience in information security
• Strong communication, risk management, and business acumen
• Customer‑oriented, interpersonal, and change management skills
• Bilingual (English and French) is an asset