BISO (Business Information Security Officer)

About The Position

Requirements

• 5+ years in cybersecurity, security engineering, risk management, or related technical roles
• Strong understanding of cybersecurity threats, security frameworks (NIST, ISO 27001, CIS Controls), risk management, and security architecture
• Experience with access control, monitoring, vulnerability management, and secure development practices
• Knowledge of security compliance standards such as ISO 27001, SOC2, NIST frameworks, and industry-specific regulations
• Background in information security operations, security engineering, or GRC functions
• Experience working with cloud platforms (AWS, Azure, GCP)
• Familiarity with security technologies including SIEM, vulnerability scanners, endpoint protection, identity and access management, and network security tools
• Bachelor's degree in technology field
• Exceptional communicator, able to translate complex security concepts, risks, and technical requirements for both technical and non-technical stakeholders at all organizational levels
• Collaborative influencer who effectively aligns teams and leadership to achieve security objectives without direct reporting authority
• Pragmatic problem solver who balances operational realities, business constraints, and security requirements to develop practical solutions
• Effective program leader capable of delivering multi-quarter security initiatives with measurable business and risk reduction impact
• Strategic thinker who can see connections between security, business operations, technology, and organizational objectives
• Adaptable professional who thrives in dynamic environments and can manage competing priorities
• Self-directed with strong organizational and project management capabilities

Responsibilities

• Partner with business unit leadership to advise on security decisions that enable business objectives, operational excellence, and competitive advantage
• Serve as primary security liaison for assigned business units, establishing strong relationships with operations, engineering, product, facilities, and technology teams
• Maintain and communicate business unit risk posture to leadership and teams, fostering proactive risk management and security culture
• Monitor compliance with security policies, standards, and regulatory requirements relevant to business operations
• Drive adoption and continuous improvement of security standards, policies, and best practices across business operations
• Build reusable artifacts, playbooks, and guidance materials to enable teams to integrate security seamlessly into daily operations
• Contribute to incident preparedness, response, and recovery activities, ensuring coordinated and timely mitigation while minimizing operational impact
• Serve as business unit security point of contact during security incidents, coordinating with central security operations and business stakeholders
• Conduct post-incident reviews and lead tabletop exercises to enhance preparedness and resilience
• Collaborate with information security, enterprise architecture, IT operations, legal, compliance, and other teams on security initiatives and projects
• Partner with other BISOs across the enterprise to share practices, standardize approaches, and drive consistency where appropriate

Benefits

• Employee Assistance Program
• Health insurance
• Life insurance
• Disability insurance
• Voluntary plans
• Retirement plan
• Paid Time Off (PTO)
• Paid Holidays