Cyber Security Business Information Officer (BISO)

Are you ready to embed security by design and influence risk decisions at enterprise scale? Can you partner with senior leaders to turn cyber risk into trusted business outcomes?

About Our Team - The Business Information Security Office (BISO) team partners with business, product, and technology leaders to deliver measurable security outcomes that support enterprise objectives. We focus on managing complex risk, embedding secure by design practices, and driving long term cybersecurity maturity. Our work enables trusted innovation, operational resilience, and informed risk decision making across the organization.

As a Business Information Security Officer (BISO), you act as the primary security partner for assigned business units, bridging business strategy and enterprise cybersecurity. You are accountable for planning and executing security initiatives that reduce risk, strengthen cyber defenses, and enable delivery at scale. The role is highly collaborative, advisory, and outcome focused-ensuring security is embedded early and pragmatically across products, platforms, and major initiatives.

• Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships.
• Embed security early into business initiatives, product development, and technology delivery.
• Sponsor and support enterprise and business aligned security initiatives end to end.
• Provide expert security guidance across concurrent IT, engineering, and business projects.
• Oversee security assessments including vulnerability management, penetration testing, and third party risk.
• Translate security findings into prioritized, actionable remediation plans with clear ownership.
• Provide security input into solution architecture and major technology decisions.
• Serve as the security point of contact for customer facing inquiries, audits, and due diligence.
• Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes.
• Develop and report meaningful security metrics to inform leadership decisions and continuous improvement.

• Several years' experience in a BISO or senior security leadership / advisory role.
• Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC).
• Hands on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST).
• Experience embedding security into CI/CD pipelines and DevSecOps practices.
• Proven capability in risk assessments, threat modeling, and control gap analysis.
• Experience collaborating with SOC and Incident Response teams during security events.
• Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.).
• Ability to translate technical risk into clear, business relevant language.
• Strong stakeholder management skills with the ability to influence without authority.
• Bachelor's degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar).

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or contacting 1-.

We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. USA Job Seekers: EEO Know Your Rights.

Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.