Business Information Security Officer (BISO)

An extraordinarily talented group of individuals work together every day to drive TNS' success, from both professional and personal perspectives.  Come join the excellence!

Overview

The Business Information Security Officer (BISO) will serve as the primary point of contact between the TNS Security Department, their shared security service offerings and their assigned business unit(s). The BISO is responsible for maintaining a strategic relationship with the specific business unit they are aligned to. This strategic move to incorporate BISOs by TNS will ensure that security is incorporated into the culture of the business unit and the business unit’s risk appetite falls within TNS’ risk tolerance level. The (BISO) will play a pivotal role in ensuring that security strategies align with TNS' Information Security Management System (ISMS), regulatory requirements, and business objectives.The BISO collaborates closely with the Chief Security Officer (CSO), PAY General Manager (GM), and other business leaders to understand the strategic direction of the PAY Market and the payments industry, ensuring security initiatives support overall business growth.
The BISO will help leadership define the appropriate risk appetite for the PAY Market, while ensuring that risk tolerance is maintained within acceptable limits.

Responsibilities

The BISO fulfills the following tasks:

• Act as a subject matter expert (SME) between the TNS Security Department and the business unit in the management of business unit security risks.
• Identify resource requirements (e.g., security architects, security engineers, security analysts) to achieve business unit outcomes
• Continuously monitor industry trends to anticipate and plan for future impact of security risk on the business unit. 
• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with TNS’ Security’s risk management frameworks, policies and standards.
• Work with business unit to align funding requirements with strategic initiatives  
• Participate in Security, Operations and business-related councils or working and steering groups as necessary
• Educate stakeholders on security-related matters to increase awareness and improve culture
• Develop an understanding of business goals and reframe security risk discussions in business terms
• Constructively engage business partners regarding security issues
• Establish security risk ownership and accountability within the business unit
• Inform business partners of the security risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
• Challenge business partners’ assumptions about value drivers and present an alternate perspective 
• Influence business partners’ perceptions of success where applicable

Key Responsibilities:

• Risk Management: As a subject matter expert in payments security, the BISO will identify key risks—such as fraud, data breaches, and system outages—within the TNS risk management framework. They will work with the Security Department to implement controls that mitigate these risks while supporting secure payment processing.
• Regulatory Compliance: The BISO ensures adherence to payment regulations and compliance with frameworks such as PCI DSS, DORA, and GDPR. This requires an in-depth understanding of laws governing data privacy, financial services, and payment security. They will collaborate with the Information Security Group to provide compliance evidence for audits and ensure payment systems meet all required security certifications.
• Security Technologies: The BISO partners with the Security Engineering teams to implement security technologies that safeguard payment systems, including encryption, tokenization, multi-factor authentication (MFA), and secure coding practices.
• Incident Response: The BISO ensures incident response plans are robust and provides quick responses to breaches or security incidents. This includes identifying when external auditors are required and ensuring a comprehensive response process.
• Cross-functional Collaboration: The BISO fosters collaboration across departments, including Legal, Compliance, IT, Operations, Development and Product teams, to ensure security is integrated throughout the payments lifecycle. Additionally, they educate both internal and external stakeholders on security best practices.
• Third-Party Risk Assessments: The BISO ensures all third-party providers—such as payment processors, cloud services, and other service partners—comply with security standards. Regular assessments and audits are conducted to manage risks associated with third-party vendors.
• Employee Training:  The BISO will work with the InfoSec teams to promote a security-first mindset across the Business Unit by focusing on industry-specific threats such as phishing, social engineering, and internal fraud. The BISO is responsible for driving a consistent security behavior and culture program through various training methods, encouraging employees to proactively identify and report risks to enhance the Business Unit’s security posture.
• Security KPIs & Continuous Improvement: The BISO establishes key performance indicators (KPIs) for security in the PAY market and regularly reports on the effectiveness of security measures. They stay updated on emerging threats, security innovations, and industry best practices to continuously enhance the organization's security posture.

Qualifications

Education, Training & Previous Experience

• BA/BS in a business or technology related field. MBAs are an added benefit, but not required. 

• [5+/8+] years of experience working in information security, risk management, governance, and meeting regulatory requirements related to security with a specific focus on business outcomes and service delivery.  

• Experience in working with and preferably leading a global, cross functional team. 

• Preferred Certifications : CISM, CISA, CISSP

Knowledge and Skills

• Aptitude for understanding internal organizational environments and their relationship to the external business environment

• Ability to develop a full and deep understanding of the business unit’s operations

• Understanding of how business initiatives create value and security risk for TNS and the business unit

• Ability to effectively analyze risk within the context of business problems 

• Strong ability to convey complex security risks and issues in a manner that is easily understood, actionable and constructively challenges prevailing thoughts and processes

• Able to consistently, effectively defend ideas and solutions 

• Adept at improving outcomes through proactive team coaching and development 

• Demonstrates an ability to construct, challenge, and manage choices

• Strong problem-solving and trouble-shooting skills

Personal Characteristics

• Ability to interface with and build credibility and relationships with all stakeholders.

• Confident, energetic self-starter, with strong communication skills.

• For this role, we anticipate paying $189,000k - $231,000K. This role is eligible for variable pay, issued as a monetary bonus or in another form. Any compensation range provided for a role is an estimate determined by available market data. The actual amount may be higher or lower than the range provided considering each candidate’s knowledge, skills, abilities, and geographic location. TNS offers a competitive benefit package including medical and dental coverage, life insurance, paid holidays and vacations, and a 401K plan with company match.

• Good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.

• Instinctive and creative out-of-the-box thinker 

If you are passionate about technology, love personal growth and opportunity, come see what TNS is all about!

TNS is an equal opportunity employer. TNS evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.