Program Manager, Cybersecurity Strategy and Metrics (BISO)

About The Position

Requirements

• Typically 8+ years with bachelor's or equivalent.
• Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Responsibilities

• Program Build‑Out & Continuous Improvement Partner with the Director to establish and refine the BISO operating model, including engagement patterns, role delineation, standard artifacts, and escalation paths. Conduct a formal proof‑of‑value (PoV) to demonstrate program impact, measure risk‑reduction effectiveness, capture workload and volume metrics, and translate results into repeatable operational standards. Assess and forecast BISO workload, helping size the team appropriately based on demand, complexity, and business footprint. Define logical lanes of responsibility for current and future BISOs (e.g., vulnerability support, governance, audit coordination, system assessments). Establish and evolve operational standards—intake processes, assessment frameworks, risk templates, reporting dashboards, and governance cadences.
• System Assessments, Categorization & Control Selection Lead and guide junior BISOs in conducting standardized system assessments, ensuring security requirements are right‑sized based on risk, data sensitivity, business criticality, and regulatory needs. Champion consistent control selection and tailoring, preventing both over-engineering and under‑protection. Work closely with Enterprise Cybersecurity, IT, and engineering teams to align system‑level decisions to enterprise guardrails while minimizing business friction.
• Risk Translation, Prioritization & Action Planning Translate complex and technical security risks into clear business‑impact narratives, articulating implications across operational disruption, customer trust, revenue exposure, and compliance obligations. Partner with business units to develop action plans, compensating controls, or formal risk acceptances for vulnerabilities, supplier issues, audit findings, and system gaps. Ensure every risk or exception is evaluated, documented, approved, monitored, and periodically reviewed—with complete visibility to leadership.
• Local Governance & Risk Visibility Establish recurring business-level governance mechanisms, providing transparency on risk posture, remediation progress, secure baseline adoption, assessments status, and upcoming obligations. Ensure business leaders have a clear understanding of risk hot spots, competing priorities, and potential escalations. Drive accountability by aligning BU decisions with enterprise risk tolerance and CISO‑level expectations.
• Escalation of BU‑Specific Risks & Project Needs Surface business‑specific risks, systemic blockers, resource needs, and project dependencies to enterprise cybersecurity leadership. Ensure issues do not remain isolated or siloed within a single business area by enabling centralized visibility and prioritization. Help guide enterprise trade‑off decisions by providing concise, contextual, and data‑driven escalation narratives.
• Vulnerability Management & Secure Baselines Support business units in interpreting vulnerability findings, assessing business impact, and prioritizing remediation in alignment with SLAs. Coordinate cross‑functional remediation strategies, removing blockers and driving adherence to enterprise remediation expectations. Champion the deployment, maintenance, and periodic validation of secure configuration baselines across systems within assigned scope to improve audit readiness and reduce systemic vulnerabilities.
• Hands‑On BISO Support for Assigned BU(s)/Region(s) Serve as the primary cybersecurity advisor and engagement point for designated operating companies or regions. Advocate for the business within the cybersecurity organization while ensuring consistent application of enterprise security policies and risk standards. Support revenue‑critical functions including customer security inquiries, audits, RFP responses, and contract security obligations.
• Governance, Audit Coordination & Risk Oversight Coordinate audit response activities with assigned business units, ensuring coherent remediation plans and consistent treatment of similar findings. Rationalize risk acceptances within business units and ensure alignment with enterprise risk appetite. Track and report remediation deadlines, exceptions, and emergent risk themes across the BISOs you manage.
• Metrics, Reporting & Decision Support Define and maintain operational dashboards covering workload, risk themes, SLA performance, exception volume, remediation velocity, and system assessment throughput. Provide executive‑ready reporting to business leadership and the CISO organization. Use trend analysis to identify systemic issues, capability gaps, and high‑impact focus areas.
• Certifications & Regulatory/Customer Security Expectations Support determination of certification applicability (e.g., ISO 27001, CMMC, Cyber Essentials, and regional schemes). Assist BUs in readiness assessments, control gap remediation, and sustaining governance to avoid fragmented or redundant certification efforts.

Benefits

• Generous Paid Time Off
• 401K and Pension Plan
• Paid Holidays
• Family Support (Paid Leave, Surrogacy, Adoption)
• Medical, Dental, Vision, and Life Insurance
• Long-term and Short-term Disability Insurance
• Health Savings Account / Flexible Spending Account
• Education Assistance
• Employee Development Resources
• Employee Wellness, Leadership Development and Mentorship Programs