Business Information Security Officer
Role details
Job location
Tech stack
Job description
Job Description At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. Boeing Enterprise Security (BES) is on the lookout for a highly motivated Business Information Security Officer (BISO) to join the Global Cybersecurity team. The Global Cybersecurity program is dedicated to the assurance of cybersecurity regulatory framework compliance, in-region security GRC advice and oversight, and strategic cybersecurity solutions to enable global business operations. The BISO will serve as the primary point of contact between the BES organizational functions and Boeing entities, business programs, and other stakeholders across continental Europe. The BISO is the region's trusted cybersecurity partner and is responsible for maintaining strategic relationships with various organizational leaders/stakeholders from IT, Legal, and Security departments. The role can be based in Neu-Isenburg (Frankfurt), Germany; Rome, Italy; Warsaw, Poland; Paris, France; Amsterdam, Netherlands; Brussels, Belgium or Madrid, Spain and will be part of a truly global team, meaning that there is much flexibility in the hours worked, noting that some work calls will be outside the traditional working hours. Applicants must be: + A European Union Citizen or currently have an EU work permit. Boeing will not sponsor a new work permit application. + Based near a Boeing Global business office + Within easy travel access to an international airport hub + Able to accommodate hybrid working (1-2 days a week onsite to meet with business leaders and IT/Law partners) + Prepared to travel (Commitment up to 25%) Position Responsibilities: Facilitate the authority to operate (ATO) in a region + Manage regulatory compliance and assurance activities (e.g., audits, assessments, attestations) + Registration with European regulatory authorities as an appointment Cybersecurity Focal/officer + Serve as a conduit between BES Product Owners/SMEs, Cyber Legal Counsel, regional partners, and stakeholders Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region + Assess cybersecurity risk and overall health that may impact business operations in the region + Ensure regional compliance and alignment with BES policy + Identify/safeguard regional IT assets, ensure minimum defensive controls and IT Preparedness Plans Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region + Serve as the regional point person for cybersecurity requests and inquiries from internal / external customers + Provide expert cybersecurity advisory to enable regional business initiatives and imperatives + Promote awareness of BES directives, cybersecurity policies and security best practices + Partner with, At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing Enterprise Security (BES) is on the lookout for a highly motivated Business Information Security Officer (BISO) to join the Global Cybersecurity team.
The Global Cybersecurity program is dedicated to the assurance of cybersecurity regulatory framework compliance, in-region security GRC advice and oversight, and strategic cybersecurity solutions to enable global business operations.
The BISO will serve as the primary point of contact between the BES organizational functions and Boeing entities, business programs, and other stakeholders across continental Europe. The BISO is the region's trusted cybersecurity partner and is responsible for maintaining strategic relationships with various organizational leaders/stakeholders from IT, Legal, and Security departments.
The role can be based in Neu-Isenburg (Frankfurt), Germany; Rome, Italy; Warsaw, Poland; Paris, France; Amsterdam, Netherlands; Brussels, Belgium or Madrid, Spain and will be part of a truly global team, meaning that there is much flexibility in the hours worked, noting that some work calls will be outside the traditional working hours. Applicants must be:
- A European Union Citizen or currently have an EU work permit. Boeing will not sponsor a new work permit application.
- Based near a Boeing Global business office
- Within easy travel access to an international airport hub
- Able to accommodate hybrid working (1-2 days a week onsite to meet with business leaders and IT/Law partners)
- Prepared to travel (Commitment up to 25%)
Position Responsibilities:
Facilitate the authority to operate (ATO) in a region
- Manage regulatory compliance and assurance activities (e.g., audits, assessments, attestations)
- Registration with European regulatory authorities as an appointment Cybersecurity Focal/officer
- Serve as a conduit between BES Product Owners/SMEs, Cyber Legal Counsel, regional partners, and stakeholders
Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region
- Assess cybersecurity risk and overall health that may impact business operations in the region
- Ensure regional compliance and alignment with BES policy
- Identify/safeguard regional IT assets, ensure minimum defensive controls and IT Preparedness Plans
Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region
- Serve as the regional point person for cybersecurity requests and inquiries from internal / external customers
- Provide expert cybersecurity advisory to enable regional business initiatives and imperatives
- Promote awareness of BES directives, cybersecurity policies and security best practices
- Partner with regional stakeholders to deliver comprehensive security planning and solutions, Job Description At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. Boeing Enterprise Security (BES) is on the lookout for a highly motivated Business Information Security Officer (BISO) to join the Global Cybersecurity team. The Global Cybersecurity program is dedicated to the assurance of cybersecurity regulatory framework compliance, in-region security GRC advice and oversight, and strategic cybersecurity solutions to enable global business operations. The BISO will serve as the primary point of contact between the BES organizational functions and Boeing entities, business programs, and other stakeholders across continental Europe. The BISO is the region's trusted cybersecurity partner and is responsible for maintaining strategic relationships with various organizational leaders/stakeholders from IT, Legal, and Security departments. The role can be based in Neu-Isenburg (Frankfurt), Germany; Rome, Italy; Warsaw, Poland; Paris, France; Amsterdam, Netherlands; Brussels, Belgium or Madrid, Spain and will be part of a truly global team, meaning that there is much flexibility in the hours worked, noting that some work calls will be outside the traditional working hours. Applicants must be: + A European Union Citizen or currently have an EU work permit. Boeing will not sponsor a new work permit application. + Based near a Boeing Global business office + Within easy travel access to an international airport hub + Able to accommodate hybrid working (1-2 days a week onsite to meet with business leaders and IT/Law partners) + Prepared to travel (Commitment up to 25%) Position Responsibilities: Facilitate the authority to operate (ATO) in a region + Manage regulatory compliance and assurance activities (e.g., audits, assessments, attestations) + Registration with European regulatory authorities as an appointment Cybersecurity Focal/officer + Serve as a conduit between BES Product Owners/SMEs, Cyber Legal Counsel, regional partners, and stakeholders Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region + Assess cybersecurity risk and overall health that may impact business operations in the region + Ensure regional compliance and alignment with BES policy + Identify/safeguard regional IT assets, ensure minimum defensive controls and IT Preparedness Plans Champion Governance, Risk and Compliance (GRC) responsibilities in Europe region + Serve as the regional point person for cybersecurity requests and inquiries from internal / external customers + Provide expert cybersecurity advisory to enable regional business initiatives and imperatives + Promote awareness of BES directives, cybersecurity policies
Requirements
regional stakeholders to deliver comprehensive security planning and solutions Preferred Qualifications (Desired Skills/Experience): + 10+ years IT/Security related work experience, ideally with 5+ years in a management/leadership role + CISSP, CISM, CISA, Security+ or other cybersecurity certifications + 5+ years presenting complex security risks, strategies, and concepts in business terms to executive leadership + 5+ years leading or conducting IT/cybersecurity risk assessment + 5+ years of experience with European security regulatory assessments and pertinent compliance activities + 5+ years proven experience working in a Security GRC related role + Strong executive presence and business acumen, excellent written and oral communication skills, and the ability to translate technically complex issues into simple, easy to understand concepts + Experience working in an IT/Security role across multiple European countries + Multi-lingual with strong verbal, comprehension and written English competence. The successful candidate will have a combination of key characteristics, skills and traits Strategic Business Acumen: + An expert translator with the ability to convert complex, technical security concepts into clear, concise business language for non-technical stakeholders, executives and regional Boards. + Strong "influencer leadership" skills to gain buy-in from business leaders and partners without having direct authority over them + An ability to act as a "business enabler" that can align Enterprise security initiatives to regional business objectives and imperatives. Technical Expertise & Security Foundation: + A technical fluency and strong understanding of the entire security domain (network/cloud, data protection, application, identity/access management, vulnerability, incident response). + In-depth knowledge of European security regulatory landscape (GDPR, EASA Part-IS, NIS2 Directive, EU AI Act) and familiarity with other global regulatory standards (ISO/IEC 27000, NIST SP 800-171, CSF) + Proven ability to lead/conduct IT security risk assessments, support internal security audits, and prepare for regulatory assessments Leadership & Cultural Fit: + Ability to operate within a large, complex, global, multicultural environment. + Proactive, innovative, observant, detail-oriented and tolerant of ambiguity with the flexibility to thrive in a dynamic environment + Operates with a sense of urgency while maintaining a high standard of quality delivery. + Professional, collaborative, respectful, with a strong sense of accountability, ethics, and business integrity. Work Authorisation: This requisition is for a locally hired position in Belgium, Netherlands, Italy, Spain, Poland, France and Germany. Candidates must have current legal authorisation to work immediately in the respective country. Boeing will not attempt to obtain Immigration, * 10+ years IT/Security related work experience, ideally with 5+ years in a management/leadership role
- CISSP, CISM, CISA, Security+ or other cybersecurity certifications
- 5+ years presenting complex security risks, strategies, and concepts in business terms to executive leadership
- 5+ years leading or conducting IT/cybersecurity risk assessment
- 5+ years of experience with European security regulatory assessments and pertinent compliance activities
- 5+ years proven experience working in a Security GRC related role
- Strong executive presence and business acumen, excellent written and oral communication skills, and the ability to translate technically complex issues into simple, easy to understand concepts
- Experience working in an IT/Security role across multiple European countries
- Multi-lingual with strong verbal, comprehension and written English competence.
The successful candidate will have a combination of key characteristics, skills and traits
Strategic Business Acumen:
- An expert translator with the ability to convert complex, technical security concepts into clear, concise business language for non-technical stakeholders, executives and regional Boards.
- Strong "influencer leadership" skills to gain buy-in from business leaders and partners without having direct authority over them
- An ability to act as a "business enabler" that can align Enterprise security initiatives to regional business objectives and imperatives.
Technical Expertise & Security Foundation:
- A technical fluency and strong understanding of the entire security domain (network/cloud, data protection, application, identity/access management, vulnerability, incident response).
- In-depth knowledge of European security regulatory landscape (GDPR, EASA Part-IS, NIS2 Directive, EU AI Act) and familiarity with other global regulatory standards (ISO/IEC 27000, NIST SP 800-171, CSF)
- Proven ability to lead/conduct IT security risk assessments, support internal security audits, and prepare for regulatory assessments
Leadership & Cultural Fit:
- Ability to operate within a large, complex, global, multicultural environment.
- Proactive, innovative, observant, detail-oriented and tolerant of ambiguity with the flexibility to thrive in a dynamic environment
- Operates with a sense of urgency while maintaining a high standard of quality delivery.
- Professional, collaborative, respectful, with a strong sense of accountability, ethics, and business integrity.
Work Authorisation:
This requisition is for a locally hired position in Belgium, Netherlands, Italy, Spain, Poland, France and Germany. Candidates must have current legal authorisation to work immediately in the respective country. Boeing will not attempt to obtain Immigration and labour sponsorship for any applicants. Benefits and pay are determined at the local level and are not part of Boeing U.S. based payroll.
Conflict of Interest
Successful candidates for this job must satisfy the Company's Conflict of Interest (COI) assessment process., and security best practices + Partner with regional stakeholders to deliver comprehensive security planning and solutions Preferred Qualifications (Desired Skills/Experience): + 10+ years IT/Security related work experience, ideally with 5+ years in a management/leadership role + CISSP, CISM, CISA, Security+ or other cybersecurity certifications + 5+ years presenting complex security risks, strategies, and concepts in business terms to executive leadership + 5+ years leading or conducting IT/cybersecurity risk assessment + 5+ years of experience with European security regulatory assessments and pertinent compliance activities + 5+ years proven experience working in a Security GRC related role + Strong executive presence and business acumen, excellent written and oral communication skills, and the ability to translate technically complex issues into simple, easy to understand concepts + Experience working in an IT/Security role across multiple European countries + Multi-lingual with strong verbal, comprehension and written English competence. The successful candidate will have a combination of key characteristics, skills and traits Strategic Business Acumen: + An expert translator with the ability to convert complex, technical security concepts into clear, concise business language for non-technical stakeholders, executives and regional Boards. + Strong "influencer leadership" skills to gain buy-in from business leaders and partners without having direct authority over them + An ability to act as a "business enabler" that can align Enterprise security initiatives to regional business objectives and imperatives. Technical Expertise & Security Foundation: + A technical fluency and strong understanding of the entire security domain (network/cloud, data protection, application, identity/access management, vulnerability, incident response). + In-depth knowledge of European security regulatory landscape (GDPR, EASA Part-IS, NIS2 Directive, EU AI Act) and familiarity with other global regulatory standards (ISO/IEC 27000, NIST SP 800-171, CSF) + Proven ability to lead/conduct IT security risk assessments, support internal security audits, and prepare for regulatory assessments Leadership & Cultural Fit: + Ability to operate within a large, complex, global, multicultural environment. + Proactive, innovative, observant, detail-oriented and tolerant of ambiguity with the flexibility to thrive in a dynamic environment + Operates with a sense of urgency while maintaining a high standard of quality delivery. + Professional, collaborative, respectful, with a strong sense of accountability, ethics, and business integrity. Work Authorisation: This requisition is for a locally hired position in Belgium, Netherlands, Italy, Spain, Poland, France and Germany. Candidates must have current legal authorisation to work immediately in the respective
Benefits & conditions
Shift
Not a Shift Worker (Germany)
