Business Information Security Officer

Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

Brown & Brown Inc. is looking for an experienced Business Information Security Officer to join our growing team. The Business Information Security Officer (BISO) will serve as the primary point of contact between the cybersecurity function and divisional profit centers and corporate functions. The BISO works closely with the divisional line of business Chief Information Officers (CIOs), profit center IT leaders and business leaders to align the division with the information security strategy and represents the CISO in local information security matters. The key objective of the BISO is to ensure that cybersecurity is incorporated into the culture of the division and profit centers. The BISO and divisional relationship will ensure a focus on the right risk priorities. The BISO provides guidance to the division/profit centers on information security topics, policies and controls, and serves as the single conduit into the Information Security organization.


  • Contribute to ongoing information security initiatives and improvements, including the development, implementation and maintenance of information security for the division, in alignment with policies, standards, frameworks and security services.
  • Serves as an Information Security subject matter expert and participates in the development, implementation and maintenance of information security for the division
  • Provides guidance and advocacy regarding the prioritization of divisional investments that impact information security
  • Advises divisional leaders on risk issues related to information security and recommends actions in support of the division's wider risk management and compliance programs
  • Allocate resources (e.g., security architects, engineers, operations) to achieve outcomes
  • Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific profit center or function
  • Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization
  • Lead the implementation of the corporate information security data protection and privacy policies across the business.
  • Plan and manage the network certification and accreditation processes in direct collaboration with auditors and certification bodies.
  • Ensures regulatory compliance activities for Data Privacy and security data protection across the division.
  • Work with Profit Centers to align funding requirements with strategic initiatives
  • Participate in cybersecurity and business-related councils or working groups as necessary
  • Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture
  • Develop an understanding of business goals and reframe risk discussions in business terms
  • Drives forward yearly information security risk assessments across the division
  • Constructively engage business partners regarding cybersecurity issues
  • Establish risk ownership and accountability within the division
  • Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
  • Challenge business partners’ assumptions about value drivers and present an alternate perspective
  • Reshape business partners’ preconceived notions of success where appropriate
  • Manages quality control and reporting
  • Ensures compliance with policies, regulations and information security tools and services

Knowledge and Skills

  • Knowledge of Property and Casualty Insurance.
  • Aptitude for understanding internal organizational environments and their relationship to the external business environment
  • Ability to develop a full and deep understanding of the business operations
  • Understanding of how business initiatives create value and risk for organizations
  • Able to effectively analyze risk within the context of business problems
  • Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
  • Able to consistently, effectively defend ideas and solutions
  • Adept at improving outcomes through proactive team coaching and development
  • Demonstrates an ability to construct, challenge, and manage choices
  • Strong problem-solving and trouble-shooting skills
  • Has the accessibility and ability to interface with, and build credibility and relationships with all stakeholders.
  • Is a confident, energetic self-starter, with strong communication
  • CISSP or ability to pass exam(s) within 90 days.


  • BA/BS in a business or technology related field.
  • 5-8+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
  • Experience in working with and preferably cross functional team.
  • CISSP or CISM or ability to pass exam(s) within 90 days

  • Excellent growth and advancement opportunities
  • Competitive pay based on experience
  • Discretionary Time Off (DTO)
  • Generous benefits package: health, dental, vision, 401(k), etc.
  • Employee Stock Purchase Plan

We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.

Job ID : R22_0000000752
