BISO, Product Security

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. Equivalent experience may be considered.
• 10-15 years of experience in information security, with at least 5-10 years in a leadership role focused on technical security across cloud, infrastructure, applications, and third-party integrations.
• Deep understanding of security principles across all tech layers, including cloud platforms (AWS, Azure, GCP), infrastructure security (network, endpoint, IAM), application security (SAST, DAST, secure coding), and third-party risk management frameworks.
• Familiarity with security tools such as SIEM (e.g., Splunk, QRadar), vulnerability scanners (e.g., Qualys, Nessus), or IAM solutions (e.g., Okta, SailPoint).
• Ability to drive both strategic and technical conversations about cybersecurity architecture based on customer persona (engineering executives, Architects, Engineering managers etc.)
• Demonstrated ability to work independently, take ownership of security initiatives, and drive results with minimal supervision.
• Strong executive presence and the ability to articulate technical security concepts in a business/risk context.
• Customer-focused with the ability to balance a "get it done" attitude with diplomacy.
• Proven ability to prioritize initiatives utilizing risk data from multiple input sources while staying aligned with the bigger picture.
• Strong understanding of security and compliance frameworks (e.g., SOX, NIST CSF, ISO 27001/2, CIS Controls).
• Ability to thrive in a dynamic, fast-paced environment, staying ahead of emerging threats and adapting strategies to evolving business needs.
• Excellent communication skills to translate complex security concepts into business-friendly language.
• Strong stakeholder management and collaboration skills to work with cross-functional teams and influence decision-making without direct authority.

Nice To Haves

• Deep understanding of securing AI solutions.
• Strong familiarity with SDLC concepts and shift left security approaches
• Prior experience as BISO or equivalent is desirable.
• Ability to cultivate strong working relationships with customer teams and internal security teams, including those in international locations.
• Strong willingness to challenge the status quo and drive continuous improvement through change and new ideas.
• Track record of auditing-related or consulting experience in the high tech industry is a plus.
• Certifications like CISM , CCSP or CISSP are highly desired.

Responsibilities

• Collaborate with product and engineering teams to drive security initiatives and improve risk posture.
• Manage stakeholder expectations and cybersecurity risk for the Business units.
• Plan, Prioritize, optimize, and drive the execution of the security backlog via a single work stream for product & engineering.
• Utilize deep technical understanding and business risk impact to drive security outcomes.
• Translate complex security concepts into business-friendly language.
• Influence decision-making without direct authority and work effectively across different teams and at all levels.

Benefits

• time off programs
• medical
• dental
• vision
• mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• employee stock purchasing program