Manager - Business Information Security Officers
nCino · Wilmington, NC · 1 wk ago
Information Technology$122k–$213k/yrFull-time
About the role
nCino is seeking a Manager, Business Information Security Office (BISO) to lead a team responsible for maintaining compliance documentation, facilitating customer audits, responding to security inquiries, and supporting vendor assessments across various frameworks.
Responsibilities
- Manage day-to-day operations of the team, overseeing administration and continuous improvement of compliance processes, systems, and documentation.
- Support staff development through onboarding, training, coaching, and ongoing feedback.
- Facilitate team meetings, coordinate resources, and track progress against project milestones and compliance commitments.
- Manage workload distribution and prioritization to ensure timely response to customer security inquiries, audit requests, and vendor assessments.
- Oversee the preparation, maintenance, and continuous improvement of compliance documentation and evidence packages.
- Coordinate responses to customer security due diligence requests, including questionnaires and examiner inquiries.
- Assist in the development and review of information security policies, standards, and procedures.
- Maintain current awareness of relevant information security laws, regulations, and frameworks.
- Partner with engineering, product, and legal stakeholders to escalate security improvement needs.
- Engage with business stakeholders to gather requirements and communicate project status.
- Prepare and maintain dashboards and reports tracking compliance activities, open audit items, and team performance.
- Leverage AI tools and techniques to enhance work efficiency and optimize business operations.
Requirements
- Undergraduate degree in computer science, information systems, or a related technology field, or equivalent work experience; advanced degree preferred.
- Five or more years of experience in information security, IT compliance, or a related technical discipline, with at least one year in a team lead or people management capacity.
- Working knowledge of information security frameworks and standards, including SOC 2, ISO 27001, PCI DSS, and CSA STAR.
- Familiarity with AI risk and due diligence frameworks, including NIST AI RMF or equivalent.
- Demonstrated ability to manage compliance documentation, coordinate audit activities, and respond to third-party security inquiries in a regulated environment.
- Strong communication skills with the ability to explain technical security concepts clearly to non-technical stakeholders.
- Experience managing or coordinating distributed teams with the ability to prioritize competing demands and drive accountability across workstreams.
- Understanding of cloud security principles and SaaS or multi-tenant environment security considerations.
Qualifications
- Desired Experience: Managing vendor risk from the vendor side, familiarity with financial institutions' evaluation of SOC 2 reports, penetration test results, and SIG questionnaires.
- Knowledge of financial services regulatory expectations from bodies such as OCC, FDIC, NCUA, or state banking regulators; familiarity with GLBA safeguards requirements.
- Exposure to DORA requirements for organizations serving EU-based financial institutions.
- Familiarity with secure SDLC practices, vulnerability management, and application security concepts.
- Experience participating in or supporting a security steering committee or risk committee.
Pay
The pay range for this role is $121,900.00 - $213,300.00.