Principal, Business Information Security Officer (BISO)
About The Position
The Principal, Business Information Security Officer (BISO) plays a crucial role in ensuring the secure evolution of LPL Financial's product portfolio. Aligned with specific executives across the business, this role is responsible for the alignment with their business unit’s cybersecurity strategy with the overall corporate cybersecurity strategy. The BISO will drive risk remediation efforts, educate members of their business unit on operationalization of cybersecurity policies and procedures, and be the primary interface point for the business unit. They become the cybersecurity subject matter expert for their domain and use that knowledge to report back to the cybersecurity team on the direction the business is going, and vice-versa.
Requirements
- 7+ years of cybersecurity risk management experience, including identification, synthesis, and remediation strategies.
- Strong knowledge of NIST CSF 2.0 and other industry security frameworks.
- Extensive experience working in a matrix reporting model, supporting both operational and transformational cybersecurity initiatives.
- Executive presence with a proven ability to engage stakeholders, influence decision-making, and communicate security strategies effectively.
- Technical expertise across cloud security (AWS/Azure), DevSecOps, application security, and secure data-handling processes.
Nice To Haves
- Bachelor’s degree in Computer Science, Information Systems, or a related field.
- 10+ years in cybersecurity, risk management, or security program management.
- Strong relationship-building and cross-functional collaboration skills.
- Certifications such as CISSP, GIAC, CCSP, or other cloud security credentials.
- Experience in Agile security methodologies and understanding of Software Development Life Cycle (SDLC).
- Practical offensive security experience such as penetration testing or red teaming
Responsibilities
- Act as the primary InfoSec liaison for Product, Business, and Technology Leadership, ensuring security integration into business strategies.
- Serve as the primary point of contact for the assigned business unit.
- Drive security-related change management, ensuring transparent communication with advisors and key stakeholders.
- Provide technical and business guidance on cybersecurity risk, including application security (OWASP), cloud security (AWS/Azure), and IAM principles.
- Facilitate risk-adjusted security exception management, supporting product leaders in remediation efforts.
- Collaborate with security and product teams to reduce friction and improve alignment between InfoSec practices and business goals.
- Understand cybersecurity objectives and assist business leaders with resource planning
- Offer executive-level reporting on security posture and risk management efforts.
Benefits
- 401K matching
- health benefits
- employee stock options
- paid time off
- volunteer time off
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
Number of Employees
5,001-10,000 employees
