By Bruce Sussman
Wed | Feb 13, 2019 | 6:55 AM PST

The role of Business Information Security Officer (BISO) really shot onto the scene a few years ago. And although many companies are hiring for a BISO right now, there are still a lot of questions about the role.

What, exactly, is the job description of a Business Information Security Officer? What does a BISO do and how does it differ from the role of CISO?

We asked U.S. Bank Vice President and BISO Mike Kearn to clear up the confusion by explaining his role. He's on the Advisory Council for SecureWorld Twin Cities, and we interviewed him in downtown Minneapolis.

Role of the Business Information Security Officer

[SW] If you had to describe the BISO role in a couple of sentences, what would you say?

[MK] I work with the technology leadership and the business leadership to bake security into their strategic plans. So I’m a liaison back to the greater security organization and the operational teams. I’m there to ensure the directions of our CISO are being followed and adhered to and I’m there to guide, consult and partner with those leaders.

[SW] To whom do you report?

[MK] I report up through the CISO of the organization.

[SW] What are the top keys to success for Business Information Security Officers?

Kearn answers this question in our 60-second video interview on BISO best practices.

Thanks to VP and BISO Mike Kearn for sharing his insights!

Note: We recently spoke with U.S. Bank CISO Jason Witty, as well, about his role. It is interesting to note that he also ranked communication skills as one of the key places information security leaders should focus on in 2018.