Lead, Business Information Security - BISO (AI)

About The Position

Requirements

• Bachelor's Degree in computer science, computer information systems, engineering, business administration, or related field, or equivalent work experience in lieu of degree
• 7 years of experience in information security
• Experience influencing cross-functional teams and executive stakeholders
• Experience in AI, large language models (LLM) solutions, and advanced data platforms.
• Strong understanding of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), and regulatory requirements
• Strong written and verbal communication with the ability to translate technical concepts to non-technical audiences
• Experience developing and implementing an enterprise security program to meet new business and technology requirements

Nice To Haves

• Hands-on technical experience in risk management, security operations, engineering, or architecture
• Prior experience leading a complex cybersecurity function within a large, matrix enterprise
• Familiarity with retail technology ecosystems, supply chain operations, or e-commerce platforms
• Experience leading change and transformation initiatives
• CISSP Certified Information Systems Security Professional
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC) or other relevant industry certifications.

Responsibilities

• Serve as the primary liaison and strategic advisor to business and technology leaders, ensuring cybersecurity considerations are embedded in planning and prioritization.
• Maintain an expert awareness of information security news, trends, and emerging technologies to proactively identify potential risks, assess their impact on the business, and inform strategic cybersecurity planning.
• Advise product, development, and architecture teams on cybersecurity best practices during the design and implementation of new initiatives.
• Conduct technology risk assessments and partner with technical teams to develop mitigation strategies that balance both business agility and security objectives.
• Translate enterprise security policies into actionable, impactful strategies to be implemented at the product and solution level, identifying gaps or redundancies and recommending strategies to mature, rationalize, or develop security capabilities.
• Guide the integration of security controls and practices into the system development lifecycle to promote security-by-design across products, services, and vendor solutions.
• Build and maintain strong relationships with cross-functional stakeholders to drive security maturity and enhance visibility into organizational risk.
• Serve as an escalation point and mentor for junior staff for the most complex support problems.