Director Cybersecurity - BISO

About The Position

Requirements

• 4-year degree or equivalent work experience
• 10+ years of experience in both technology and cybersecurity roles, with broad exposure across multiple technology and security domains.
• 4+ years of people leadership experience, managing teams and driving outcomes in complex organizations
• Strong understanding of application and platform security concepts, cloud and on-prem architectures, identity, data protection, compliance, and secure software development practices
• Demonstrated ability to assess risk, influence decisions, and operate effectively in a large enterprise environment
• Good understanding of security management workflows in large enterprise organizations and complex environments
• Excellent written and verbal communication skills with strong presentation abilities
• Understanding of network security, cryptography, and secure software development
• Experience with security technologies, such as firewalls, IDS/IPS, SIEM, and DLP
• Excellent analytical, problem-solving, and communication skills

Nice To Haves

• Experience in retail or large, consumer-facing enterprises
• Prior experience in a BISO, security leadership, product security, or architecture-adjacent role
• Working knowledge of security frameworks and standards (e.g., NIST, ISO/IEC 27001)
• Familiarity with modern technology stacks, including cloud-native platforms, APIs, data platforms, and emerging technologies (e.g., AI/ML)
• Demonstrated curiosity, continuous learning mindset, and ability to collaborate across teams and domains

Responsibilities

• Assist your team in driving technical decision making, adhering to Target platform architecture and other enterprise considerations.
• Establish good stakeholder communication, work closely with partner teams, and help drive security requirements while being a strong advocate of efficient and secure coding practices across engineers.
• Collaborate with system designers to integrate security requirements into the design phase of IT systems
• Develop and maintain security guidance documentation, including security models, frameworks, and diagrams
• Ensure that security decisions and guidance align with the organization’s business objectives and regulatory requirements
• Understand security risks in order to identify potential vulnerabilities and threats
• Develop risk mitigation strategies and recommend appropriate security controls
• Understand and recommend security solutions, including firewalls, encryption protocols, and access control mechanisms
• Collaborate with development and operations teams to ensure secure creation and deployment of IT systems
• Provide guidance on secure coding practices
• Prioritize driving highly impactful changes that improve the business
• Conduct full-stack architecture reviews of products and platforms
• Provide expertise on information security for complex systems and applications in cloud and on-prem environments
• Design security reference architectures and create implementation/configuration guides
• Provide expertise on creation and implementation of security controls
• Build, manage, and mentor a high-performing team of BISO analysts
• Provide leadership, coaching, performance management, and career development of the team
• Establish operating models, engagement patterns, and success metrics for the BISO function
• Act as a key security advisor to senior technology and business leaders across Target Tech and the enterprise
• Translate complex technical security risks into clear business context, enabling informed decision-making
• Establish strong stakeholder relationships and foster trust-based partnerships across Target Tech and the business
• Partner with senior leaders to provide security and risk perspective into technology and business strategies, roadmaps, and investment decisions
• Oversee risk identification, assessment, and prioritization for products, platforms, and business initiatives
• Guide mitigation strategies in partnership with architecture, engineering, and enterprise security teams
• Ensure security considerations are integrated early into product and platform design discussions
• Help define, socialize, and operationalize enterprise risk tolerance by ensuring risk decisions are evaluated consistently and aligned with leadership expectations across the business
• Ensure risk management plans are clearly documented, actionable, and accurately reflect the organization’s risk tolerance, enabling transparent decision-making and consistent execution
• Partner closely with Security Architecture, Engineering, Cyber Risk, Incident Response, and other enterprise cybersecurity teams
• Provide business and product context during security incidents and critical risk events
• Advocate for systemic improvements to security controls, tooling, guidance, and processes based on observed risk patterns
• Help elevate security awareness, fluency, and decision-making capability across Target Tech by influencing standards, patterns, and guidance that enable teams to manage risk effectively
• Partner with audit, legal, privacy, and compliance teams to provide business and technology context for risk assessments, regulatory activities, and external engagements
• Participate in governance forums, architecture reviews, and leadership discussions as a security representative
• Prioritize driving highly impactful changes that improve security outcomes while enabling business agility
• Communicate effectively with technical and non-technical audiences, including executive leadership, ensuring cybersecurity is informed of business priorities and initiatives while keeping leaders informed, engaged, and actively soliciting their input to ensure alignment on risk tolerance and security tradeoffs

Benefits

• comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more
• 401(k)
• employee discount
• short term disability
• long term disability
• paid sick leave
• paid national holidays
• paid vacation