holmesmurphy

Business Information Security Officer

West Des Moines April 27, 2026 Full Time

Job Description:

We are looking to add a Business Information Security Officer to join our Information Security team in West Des Moines, Iowa Offering a forward-thinking, innovative, and vibrant company culture, along with the opportunity to share your unique potential, there really is no place like Holmes!

The purpose of this position is to be the strategic liaison between the Information Security Department and the organization’s business units. This position ensures that enterprise security policies are implemented in a way that aligns with the business unit’s goals and risk appetite.

Essential Responsibilities:

  • Translate high-level enterprise security strategies into actionable, tactical plans tailored for a specific business unit.
  • Identifies and assesses cybersecurity risks unique to the business unit’s operations and advises business leaders on risk mitigation or acceptance based on risk tolerance.
  • Ability to translate complex technical jargon into business-friendly language for stakeholders and executives.
  • Serves as the primary point of contact for security-related issues, bridging the gap between technical security teams and non-technical business leaders.
  • Monitors adherence to regulatory requirements (e.g. HIPAA, GLBA, NYDFS) and internal security and privacy policies.
  • Fosters a security-first culture by delivering targeted awareness programs and educating business units on relevant threats.
  • Conduct and summarize risk assessments for the business; ensuring they have the appropriate information to make risk based decisions, risk owners are assigned, and risk responses are monitored.

Additional Responsibilities:

  • Develop materials and present business relevant projects, risks, and make recommendations to Information Security Council as appropriate.
  • Participates in cybersecurity strategy setting and other Enterprise initiatives as a security expert.
  • Performs special projects and other duties as requested.

Knowledge, Skills and Abilities:

  • Develop a deep business acumen to understand business operations, financial impacts, and how security investments drive revenue or efficiency with the ability to identify security risks and apply applicable controls.
  • Ability to lead without direct authority and negotiate between competing security and business priorities.
  • Proficient in security frameworks such as NIST, ISO 27001, CIS and the ability to clearly and concisely explain requirements to the business.
  • Broad technical knowledge of network, cloud, and application security.
  • Experience using automation tools within the work environment.
  • Flexibility as business priorities shift and new technologies rapidly change the threat landscape.
  • Ability to analyze complex issues, provide advanced issue resolution, and implement effective solutions.
  • Actively listen and understand the unique pressures and goals of a business unit before recommending security controls.
  • Appropriately manage conflict between security requirements and operational efficiency to maintain positive team dynamics.
  • Ability and willingness to consistently participate in internal and external educational opportunities to enhance knowledge of current insurance topics or relevant system improvements.
  • Ability and willingness to pursue relevant designations and/or continuing education, as appropriate.
  • Ability to apply common sense understanding to carry out instructions furnished in written, oral or diagram form. Ability to deal with problems involving several concrete variables in standardized situations.
  • Ability to exert up to 10 pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, or pull objects.
  • Must be knowledgeable of and comply with HMA's Client Privacy Policy, HIPAA regulations and E&O procedures and policies.

Qualifications:

  • Education: Bachelor’s degree in technology, information systems, or related area or an equivalent combination of education, training, and experience.
  • Experience: 7-10 years of relevant experience in Information Security, risk management, compliance, governance, or other security-related fields. Required certification such as CISSP, CISM, CRISC.

Core Competencies

  • Trust: Build trust through honest and caring actions and consistently do the right thing.
  • Communication: Seek understanding to convey messages and information to others in a caring and constructive manner.
  • Client Focus: Establish meaningful relationships with clients (internal and external) by supporting their unique potential and delivering an impactful experience.
  • Teamwork: Contributes to the success of the organization by effectively influencing others and uplifting their experiences and unique strengths.

Technical Competencies

  • Business & Technology Knowledge: Invests in the development of technical knowledge, understands business needs to make informed decisions and deliver technology solutions, including effective related processes and procedures.
  • Problem Solving: Ability to efficiently identify problem(s), leverage resources to determine root cause(s) and propose and implement solutions or make improvements.

Here’s a little bit about us:

In addition to being great at what you do, we place a high emphasis on building a best-in-class culture.  We do this through empowering employees to build trust through honest and caring actions, ensuring clear and constructive communication, establishing meaningful client relationships that support their unique potential, and contributing to the organization's success by effectively influencing and uplifting team members. 

Benefits:  In addition to core benefits like health, dental and vision, also enjoy benefits such as:

  • Paid Parental Leave and supportive New Parent Benefits — We know being a working parent is hard, and we want to support our employees in this journey!
  • Company paid continuing Education & Tuition Reimbursement — We support those who want to develop and grow.
  • 401k Profit Sharing — Each year, Holmes Murphy makes a lump sum contribution to every full-time employee’s 401k. This means, even if you’re not in a position to set money aside for the future at any point in time, Holmes Murphy will do it on your behalf! We are forward-thinking and want to be sure your future is cared for.
  • Generous time off practices in addition to paid holidays — Yes, we actually encourage employees to use their time off, and they do. After all, you can’t be at your best for our clients if you’re not at your best for yourself first.
  • Supportive of community efforts with paid Volunteer time off and employee matching gifts to charities that are important to you — Through our Holmes Murphy Foundation, we offer several vehicles where you can make an impact and care for those around you.
  • DE&I programs — Holmes Murphy is committed to celebrating every employee’s unique diversity, equity, and inclusion (DE&I) experience with us. Not only do we offer all employees a paid Diversity Day time off option, but we also have a Chief Diversity Officer on hand, as well as a DE&I project team, committee, and interest group. You will have the opportunity to take part in those if you wish!
  • Consistent merit increase and promotion opportunities — Annually, employees are reviewed for merit increases and promotion opportunities because we believe growth is important — not only with your financial wellbeing, but also your career wellbeing.
  • Discretionary bonus opportunity — Yes, there is an annual opportunity to make more money. Who doesn’t love that?!

Holmes Murphy & Associates is an Equal Opportunity Employer.

Apply on company site

How well do you match this role?

Check My Resume