Business Information Security Officer

Dolby, San Francisco, CA
$170,600 - $234,200, Hybrid

About The Position

The Business Information Security Officer (BISO) serves as the primary liaison between the Business Unit / Region and Dolby’s Global Cybersecurity organization. Operating on behalf of the CISO, the BISO embeds within the business to understand its strategy, processes, and risk profile, then translates cybersecurity requirements into business‑aligned initiatives and outcomes. This role acts as both a cybersecurity champion (evangelizing and implementing the enterprise security strategy in the business) and a business champion (representing business priorities and constraints back into the security function). The BISO does not own business risk; rather, the BISO advises, challenges, and supports business leaders in understanding, accepting, remediating, or transferring cyber risk within the organization’s risk appetite.

Requirements

  • 8+ years of progressive experience in information/cybersecurity, IT risk, technology, or related roles, with significant exposure to business stakeholders.
  • Demonstrated experience in at least two of the following domains: security architecture/engineering, security operations, GRC, application security, cloud security, or data protection.
  • Proven track record functioning as a security or technology partner to business units, product lines, or regions (e.g., BISO, Security Business Partner, Security Architect, Risk Partner).
  • Experience working within established frameworks such as ISO 27001/2, NIST CSF, NIST 800-53/171, or similar.
  • Broad understanding of information security domains: network and cloud security, identity and access management, application security, data protection, vulnerability management, incident response, and security monitoring.
  • Strong knowledge of risk management principles, control design, and assessment methodologies.
  • Familiarity with regulatory requirements and standards relevant to the organization’s industry and geographies (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, sectoral regulations).
  • Strong business acumen with the ability to understand BU strategy, value chains, and operating models, and to align security accordingly.
  • Exceptional communication skills, capable of translating technical risks into business language and vice versa, and tailoring messages to executives, technical teams, and frontline staff.
  • Proven ability to influence, negotiate, and drive consensus without direct authority; comfortable operating in a matrixed environment.
  • High degree of integrity, judgment, and professionalism; able to handle sensitive issues and confidential information appropriately.

Nice To Haves

  • Experience in a regulated industry is highly desirable.

Responsibilities

  • Serve as the trusted cybersecurity advisor to Business Unit / Region leadership, participating in BU leadership forums, planning cycles, and governance routines.
  • Translate Dolby’s global cybersecurity strategy, policies, and standards into actionable, BU‑specific roadmaps and controls.
  • Ensure security is integrated into business strategy and major initiatives from inception through execution.
  • Act as the “voice of the business” to the CISO, ensuring security investments, priorities, and controls reflect BU realities and objectives.
  • Lead or coordinate cybersecurity risk assessments for the BU, including applications, products, processes, and critical assets, using approved risk methodologies.
  • Facilitate identification, evaluation, treatment, and tracking of cyber risks; work with risk owners to define and implement remediation plans and risk acceptances.
  • Support compliance with relevant regulatory, legal, and contractual requirements (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF), coordinating with Legal, Compliance, Privacy, and Internal Audit as needed.
  • Prepare for and support internal and external audits, certifications, and regulatory examinations impacting the BU.
  • Embed security-by-design principles into BU projects, products, and services; ensure appropriate security requirements, architecture reviews, and testing are performed.
  • Partner with Enterprise/Security Architecture and Engineering teams to ensure BU solutions align with reference architectures, standards, and patterns.
  • Review and advise on security aspects of solution designs, change requests, and exceptions, balancing business agility with risk reduction.
  • Act as the primary BU point of contact for security incidents, data breaches, and significant vulnerabilities; coordinate with the SOC, IR team, and business stakeholders.
  • Support post‑incident reviews, lessons learned, and tracking of corrective actions within the BU.
  • Support or lead security risk assessments of key third‑party vendors, partners, and service providers used by the BU, in coordination with central Third‑Party Risk Management.
  • Review and advise on contractual security requirements and SLAs for BU vendors and partners.
  • Monitor and help remediate third‑party security gaps that could affect BU operations, data, or customers.
  • Champion a culture of shared responsibility for cybersecurity within the BU; make security understandable, relevant, and actionable for non‑technical stakeholders.
  • Partner with central security awareness teams to tailor and deliver BU‑specific training, phishing simulations, workshops, and communications.
  • Provide targeted guidance to high‑risk roles (e.g., developers, privileged admins, sales with access to sensitive data, executives) on secure behaviors and practices.
  • Develop and maintain BU‑level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks.
  • Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress.
  • Use data to support risk‑based decision‑making and to demonstrate the value and impact of security investments within the BU.
  • Build strong relationships with BU leaders, product owners, IT, engineering, finance, people, marketing, legal, and other stakeholders to drive alignment and shared outcomes.
  • Mediate between cybersecurity teams and business teams to resolve conflicts, clarify requirements, and negotiate risk‑appropriate solutions.
  • Mentor and influence cross‑functional teams within the BUs to improve their understanding of cyber risk and their role in managing it.

Benefits

  • bonus
  • benefits
  • equity