Business Information Security Officer (BISO)

About The Position

Requirements

• Typically 8+ years of IT experience, with 4+ years in cybersecurity, IT risk, or information security.
• Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
• Executive Presence & Communication: Ability to converse fluently in English with senior business leaders, including global business unit Presidents.
• Highly skilled at translating technical concepts into clear, business-relevant insights.
• Ability to influence decisions through partnership and credibility.
• Adept at framing risk in terms of financial, operational, regulatory, and reputational impact.
• Strong understanding of cybersecurity frameworks, governance, and risk management.
• Proficiency in system assessment, control selection, and vulnerability management practices.
• Experience balancing enterprise standards with local business needs.
• Experience supporting compliance programs and audit processes.
• Broad understanding of enterprise technologies, including cloud, applications, infrastructure, and emerging trends.
• Strong knowledge of security principles, risk management, and control frameworks (e.g., NIST, CIS).
• Experience translating security risks into business impact and decision-making guidance.
• Familiarity with Agile and DevSecOps delivery models.
• Working knowledge of regulatory requirements (e.g., PCI DSS, GDPR) and practical implementation.
• May require competency in all of the six Security competencies: Security Intelligence, Identity Management, Compliance, Secured Infrastructure, Secured Development and Security Education.
• This position will have access to ITAR product and therefore be authorized to access product.
• This position requires the employee to be a U.S. Citizen or National, or a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or a protected individual as defined by 8 U.S.C. 1324b(a)(3).

Nice To Haves

• Relevant certifications such as CISSP, CISM, CRISC preferred.

Responsibilities

• Serve as the primary cybersecurity advisor to assigned business units, building strong, trust-based relationships.
• Actively engage with business leaders to understand priorities, challenges, and growth initiatives.
• Ensure security is embedded early in planning to enable faster, more informed decision-making.
• Provide consistent, responsive, and business-aligned security support.
• Apply practical, risk-based assessment methodologies aligned to business context.
• Recommend right-sized security controls based on operational context and regulatory requirements.
• Prevent over- or under-engineering of controls, reducing friction for business teams.
• Translate complex technical risks into clear business-impact language (financial, operational, customer trust, and compliance) for executives.
• Enable business leaders to make informed, risk-based decisions with confidence.
• Partner with teams to define actionable remediation strategies, compensating controls, and acceptable risk positions.
• Promote transparency so risks are clearly understood.
• Establish recurring governance touchpoints within each business unit.
• Provide transparency into security posture, risk hot spots, and upcoming compliance obligations.
• Support clear ownership and drive accountability for managing risk.
• Represent business priorities within enterprise cybersecurity discussions.
• Surface business-unit-specific risks and needs to enterprise cybersecurity leadership.
• Advocate for solutions that align security expectations with business realities.
• Help ensure enterprise priorities are informed by emerging risk and business needs.
• Support business units in meeting vulnerability remediation SLAs.
• Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering.
• Promote and monitor adoption of secure configuration baselines across all systems.
• Provide security expertise for customer-facing functions such as supply chain solutions, design services, and digital platforms.
• Support sales cycles, customer trust discussions, and contract/audit responses.
• Position cybersecurity investments as competitive differentiators for revenue-critical offerings.
• Support business units in obtaining, maintaining, and preparing for security and compliance certifications—including CMMC, ISO 27001, UK Cyber Essentials, and NIS2—by guiding control implementation, evidence collection, readiness assessments, and audit interactions.
• Assist the business in meeting ongoing regulatory and compliance requirements such as SOX, PCI, HIPAA, GDPR, and other regional or industry-specific mandates.
• Ensure that certification and regulatory obligations are translated into clear, actionable business tasks, and that gaps are tracked and remediated.

Benefits

• Generous Paid Time Off
• 401K and Pension Plan
• Paid Holidays
• Family Support (Paid Leave, Surrogacy, Adoption)
• Medical, Dental, Vision, and Life Insurance
• Long-term and Short-term Disability Insurance
• Health Savings Account / Flexible Spending Account
• Education Assistance
• Employee Development Resources
• Employee Wellness, Leadership Development and Mentorship Programs