Business Information Security Officer (BISO)

SalesforceSeattle, WA
8d
Match Resume

About The Position

About Salesforce Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce. Job Title: Business Information Security Officer (BISO) About the team Salesforce's Product Security team, a vital part of the broader Security organization, is dedicated to securing our customer data and assets while proactively managing risk and enhancing security posture. We thrive on deep collaboration with product and engineering teams to achieve optimal risk outcomes and maintain the trust our customers place in us. We're seeking two highly accomplished Business Information Security Officers (BISOs) to join our team, one supporting our Availability & Infrastructure Engineering (AiE) team and the other our Hyperforce Platform Services (HPS) team. You will be leading security accountability for critical areas of our infrastructure and platform. These roles require moving beyond traditional compliance to become co-owners of security outcomes. BISO for Availability & Infrastructure Engineering (AiE) As the BISO for AiE, you will assume accountability for the security risk posture of the teams that keep Salesforce running 24/7/365—including Site Reliability Engineering (SRE), Big Data Observability, and Global Incident Response. Your Mission: Partner with AiE leadership to prioritize security risks within the context of mission-critical availability Be the "Voice of Security" for operational teams where availability is intrinsically linked to security Champion "Security for Operations" mindset, ensuring incident response frameworks, observability pipelines, and change management processes are robust against both adversarial threats and operational errors Integrate "Security as Code" within CI/CD and release pipelines Govern the use of AI in operations to automate security defenses and support operational resiliency BISO for Hyperforce Platform Services (HPS) As the BISO for HPS, you will secure the foundation of our business—our "Hyperforce" architecture—operating as the "Voice of Security" embedded with our most critical engineering teams. Your Mission: Partner with HPS leadership and architects to translate complex risks into engineering reality Bring a "platform" mindset, understanding that security controls at the platform and infrastructure layer deliver exponential scale and value to downstream cloud tenants Bridge the gap between "architectural risks" (multi-substrate security, cloud dependencies) and "operational risks" (patch management, configuration drift) Foster a culture where security is indistinguishable from quality Ensure risk decisions are deeply informed by specific technical context, constraints, and capabilities of our systems

Requirements

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field (equivalent experience may be considered)
  • 10+ years of professional experience in security risk management, with at least 5 years dedicated to security operational roles supporting major cloud platforms (AWS, GCP, or multi-cloud environments)
  • Exceptional executive presence, negotiation, and influence skills with ability to partner at VP+ level without direct authority
  • High risk acumen and extensive experience managing complex portfolios of security risks
  • Strong working knowledge of industry standards and regulations (NIST CSF, ISO 27001, SOC 2, NIST 800-160, ISO 27035, ITIL v4, DORA)
  • Proven ability to build strong partnerships across all security functions (CSOC, Product Security, GRC, Enterprise Security)
  • Strong understanding of CI/CD security, infrastructure-as-code, and zero-trust architecture principles
  • Experience acting as a key stakeholder during major security incidents, managing executive escalations, and driving post-incident remediation
  • Experience managing globally distributed teams across multiple time-zones with 24/7 on-call responsibilities
  • Strong grasp of availability metrics (SLAs, SLOs, error budgets) and ability to balance these with security error budgets
  • Foundational experience in SRE, DevOps, Big Data, or observability platforms
  • Experience with auto-remediation platforms and chaos engineering
  • Solid understanding of hyper-scale architectures (like Hyperforce), containerization (Kubernetes), microservices, and distributed systems
  • Experience building or leading vulnerability management programs with context-based prioritization (SSVC, EPSS)
  • Strong understanding of IAM lifecycle, governance, and architecture (Least Privilege, RBAC/ABAC, SSO, MFA)

Nice To Haves

  • Demonstrated experience as a Business Information Security Officer (BISO) or equivalent security leadership role
  • Certifications such as CCSP, CISSP, CISM, AWS Certified Security Specialty, GCP Security Engineer, or CKS
  • Strong understanding of Secure SDLC, threat modeling, and integrating security checks (SAST/DAST) into development pipelines

Responsibilities

  • Security Accountability & Partnership: Partner with product and engineering leadership to collaboratively prioritize security initiatives, negotiate trade-offs, and ensure executive-level accountability for achieving security and business outcomes
  • Strategic Risk Communication: Translate complex technical security signals into clear, compelling, and actionable executive and board-level business narratives
  • Operational Risk Management: Deliver regular, metric-driven readouts on security risk posture, actively maintain the Security Risk Register, and lead security due diligence for remediation timelines
  • Secure-by-Design/Secure-in-Operations Culture: Foster a culture of shared security responsibility by integrating security and compliance requirements throughout the infrastructure lifecycle
  • AI-Driven Optimization: Leverage generative AI technologies to reduce manual toil and enhance security risk management

Benefits

  • Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

Job Search Resources

Similar Business Information Security Officer (BISO) job opportunities

Business Information Security Officer (BISO)
Salesforce
Salesforce • San Francisco, CA6d
Sr. Business Information Security Officer (Sr. BISO)
Bank of America
Bank of America • Washington, DC2d • Onsite
Sr. Business Information Security Officer (Sr. BISO)
Bank of America
Bank of America • Chicago, IL1d • Onsite
Sr. Business Information Security Officer (Sr. BISO)
Bank of America
Bank of America • Washington, DC2d • Onsite
🔥 New JobSr. Business Information Security Officer (Sr. BISO)
Bank of America
Bank of America • Chicago, IL16h • Onsite
🔥 New JobBISO Lead (Information Security Officer) – Clinical
Gulf Coast Automation Group
Gulf Coast Automation Group • Chicago, IL17h • $100,000 - $150,000 • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service