Business Information Security Officer

Levi Strauss & Co.
San Francisco, CA
Hybrid

About The Position

The Business Information Security Officer (BISO) will be the primary contact between the cybersecurity function and their assigned business unit(s), region, service line, platform(s), and/or corporate team. The BISO is a trusted business and cybersecurity leader who partners with business unit leadership to embed security into strategy, operations, and product delivery. You will be a part of a team of BISOs supporting multiple business portfolios, translating enterprise security objectives into business‑aligned outcomes. The BISO drives risk reduction, compliance readiness, secure enablement of growth, and measurable improvements in security posture—while ensuring security is a business enabler, not a blocker. You will report to the Senior Director of Risk & Strategy for the Global Information Security team.

Requirements

  • A BA/BS in Business, Computer Science, Information Security, Engineering, or a related field.
  • 7+ years of progressive experience in cybersecurity, risk management, or technology governance; experience influencing senior business leaders.
  • Expertise in security programs in complex global, matrixed organizations.
  • Experience with risk assessment, incident response, and security audits
  • Experience with GRC platforms, cloud security, and DevSecOps
  • Experience with many security technologies, including firewalls, artificial intelligence, intrusion detection systems, access control systems, and encryption
  • Experience with security frameworks, methodologies, and regulations such as NIST Cybersecurity Framework (CSF) and ISO/IEC 27001, FAIR, PCI-DSS, GDPR, SOC 2, HIPAA
  • Deep understanding of business operations and how initiatives create value and risk
  • Demonstrated strength in coaching and developing teams to improve outcomes

Nice To Haves

  • MBA or MS in Cybersecurity or Information Security desirable but not required.
  • Certifications Preferred: CRISC, CISSP, and CISM.

Responsibilities

  • Be a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks
  • Recommend resources (e.g., security architects, engineers) to achieve outcomes
  • Monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
  • Follow all risk remediation protocols to ensure issues are reduced, risks are accounted for and exceptions are tracked following frameworks, policies and standards set by our organization
  • Work with BUs to align funding requirements with strategic projects
  • Participate in cybersecurity and business-related councils or working groups
  • Oversee vendor onboarding and monitoring; enforce third‑party security requirements, issue remediation plans, and track residual risk. Collaborate with Procurement, Legal, and Business Owners to embed security in contracts and due diligence.
  • Partner with Audit, Legal, Privacy, and Compliance on controls testing, obligations, and readiness.
  • Educate partners on cybersecurity-related matters to increase awareness and improve culture
  • Develop an understanding of business goals and reframe risk discussions in business terms
  • Constructively engage business partners regarding cybersecurity issues
  • Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
  • Challenge business partners' assumptions about value drivers and present an alternate perspective
  • Investigate security incidents and develop remediation plans in collaboration with CSIRT or other partners responsible for incident response
  • Establish standard operating procedures for business engagement, risk management, exception handling, and escalation

Benefits

  • 401(k) matching
  • paid leave
  • health insurance
  • product discounts