
Sr. Business Information Security Officer (BISO)

Omnicell
23 hours ago
Full-time
On-site
Grapevine, Texas, United States
Description

Department: Information Technology – Enterprise Security
Location: Grapevine, TX or Cranberry Township, PA (Remote)

Position Overview

The Sr. Business Information Security Officer (BISO) serves as the primary bridge between Omnicell’s Enterprise Security Team and designated lines of business and functions. This role helps business units understand, adopt, and operationalize security policies and processes in a way that enables secure growth while meeting regulatory, customer, and audit expectations.

  • Aligns security priorities with business strategies and go‑to‑market plans.
  • Translates technical risk into clear business and regulatory impact for leaders.
  • Simplifies and integrates security into processes, projects, and technology initiatives.
  • Builds trust and credibility with executives, product teams, IT, Legal, and Privacy.

The BISO partners closely with Enterprise Security pillars (Cyber Architecture & GRC, SecOps, Product/Cloud Security, IAM, Third‑Party Risk, Resilience), Privacy, Legal, and commercial, services, and operations leadership.

Essential Duties & Responsibilities

Business Partnership and Risk Advisory

  • Serve as the primary security liaison for designated business units and functions (e.g., commercial and service leadership, operations, and enabling functions).

  • Participate in business reviews, portfolio planning, and steering committees to ensure security and privacy requirements are identified early.

  • Provide clear, risk-based guidance on new initiatives (e.g., product launches, SaaS and cloud deployments, integrations, use of AI, new market segments), documenting recommended controls and tradeoffs.

  • Help business leaders balance growth, customer expectations, and regulatory obligations with Omnicell’s security, privacy, and compliance standards.

Security Governance, Alignment & Coverage

  • Ensure business units operate within Omnicell’s Global Cybersecurity Policy Suite, Enterprise Security Policy, and supporting standards (e.g., IAM, Network Security, Data Protection, Incident Response, Third-Party Risk).

  • Interpret global policies in the context of regulations and frameworks (e.g., HIPAA/HITECH, HITRUST, SOC 2, state privacy laws such as CCPA/CPRA, payer/provider security requirements).

  • Maintain a documented security engagement model for stakeholders, including RACI for key controls, decision rights, and escalation paths.

  • Represent the security risk posture and control maturity in enterprise security and IT risk governance forums.

Risk Management, Assessments & Reporting

  • Maintain a security risk register aligned with NIST CSF v2.0, Omnicell’s risk taxonomy, and enterprise risk processes.

  • Coordinate or lead risk and privacy impact assessments for systems, data flows, and business processes, in partnership with Privacy, Legal, Product, and IT.

  • Translate assessment findings into corrective action plans (CAPs) with clear owners, timelines, and mapping to applicable control frameworks (e.g., NIST CSF, NIST 800-53, HITRUST, SOC 2, Omnicell policies, and relevant regulations).

  • Contribute data to enterprise security metrics and dashboards (e.g., vulnerabilities, incident trends, IAM metrics, training completion) and help drive remediation and continuous improvement.

Security Enablement, Projects & Change Initiatives

  • Embed security into programs and projects (e.g., cloud migrations, data center moves, partner integrations, major customer programs, M&A integrations, and divestitures) by ensuring requirements are captured and designs align with enterprise reference architectures and policies.

  • Partner with Product/Cloud Security and IT to ensure hosted workloads follow standards across segmentation, logging, IAM, PAM, CSPM, DLP, EDR, and related controls.

  • Support data classification and handling for operations, ensuring that confidential information, PHI, and PII are managed per Omnicell policies and applicable US laws and regulations.

  • Promote and coordinate security training and awareness tailored for audiences (commercial, operations, support, engineering, and partners).

Customer, Audit & Regulatory Engagement

  • Support customer security assessments, RFPs, due diligence, and contract negotiations for opportunities, ensuring accurate and consistent representation of Omnicell’s security posture.

  • Collaborate with Legal, Privacy, and Enterprise Security to provide timely, high-quality responses to regulators, auditors, and key strategic customers.

  • Coordinate evidence collection and responses for audits and certifications that include scope (e.g., HITRUST, SOC 2, ISO 27001, HIPAA-related assessments).

  • Help maintain and improve customer-facing security narratives and documentation relevant to healthcare providers, health systems, and other regulated customers.

Incident Management, Business Continuity & Resilience

  • Act as a key security lead for incidents impacting systems, customers, or data, in accordance with global Incident Response policies and playbooks.

  • Coordinate with SecOps, Privacy, Legal, and leadership on triage, containment, remediation, and required customer or regulatory notifications (e.g., HIPAA breach notifications).

  • Ensure lessons learned from incidents and near misses are captured and drive durable improvements (policy updates, new controls, training, or process changes).

  • Partner with Enterprise Resilience / BCDR leaders to align continuity and recovery plans for operations with security and risk priorities.

Leadership, Influence & Culture

  • Build and maintain trusted relationships with general managers, functional leaders, IT, Product, and strategic partners.

  • Influence decision-making by presenting clear, concise narratives on risk, options, and recommended paths that align with Omnicell’s risk appetite and customer commitments.

  • Mentor security champions and points of contact within business units to distribute ownership of security beyond Enterprise Security.

  • Champion a strong “security and privacy by design” culture across operations, reinforcing Omnicell’s core values (Do the Right Thing, Passionate Transformer, Relationships Matter, Intellectually Curious).

Qualifications & Experience

  • 7+ years of experience in information security, cybersecurity, or IT risk management, with at least 3+ years in a customer‑ or business‑facing security role (e.g., BISO, Security Architect, GRC, Product/Cloud Security, or similar)
  • Demonstrated experience working with complex, multi‑business‑unit or enterprise stakeholders, ideally in highly regulated industries (e.g., healthcare, life sciences, finance, or public sector)
  • Proven ability to translate complex technical risks into business language for VP‑ and director‑level audiences
  • Strong understanding of:
    • Enterprise security programs (policies, standards, risk registers, CAPs)
    • Core domains such as IAM, network and cloud security, data protection, third‑party risk, incident response, and BCDR
    • How security controls are evidenced and evaluated in audits and certifications (e.g., HITRUST, SOC 2, HIPAA/HITECH compliance activities)
  • Excellent written and verbal communication and storytelling skills, including the ability to create executive‑ready narratives and lead productive discussions with non‑security stakeholders
  • Strong influence, relationship‑building, and prioritization skills in a complex, matrixed organization

Preferred Qualifications

  • Bachelor’s or MBA degree in Cybersecurity, Information Systems, Computer Science, Business, Risk Management
  • Professional certifications such as CISSP, CISM, CRISC, CISA, CCSK/CCSP, CIPM/CIPT, CGEIT, or equivalent
  • Experience in healthcare, medical devices, digital health, or SaaS/cloud services supporting regulated customers (e.g., hospitals, health systems, payers)
  • Prior experience as a BISO, regional security lead, or customer‑facing security architect serving healthcare or other highly regulated markets

Working Conditions

  • Corporate office, hybrid, or remote work arrangements within the United States, consistent with Omnicell policies
  • Collaboration across US time zones, with coordination with international stakeholders as needed
  • Flexibility to support critical security incidents, urgent vulnerabilities, or customer escalations outside of standard business hours when required

Travel Requirements

  • Occasional travel (10–20%) to:
    • Omnicell US offices and hubs
    • Customer and partner sites
    • Periodic enterprise or security team meetings; limited international travel as needed