Senior Director, Business Information Security Officer (BISO)

About The Position

Requirements

• Bachelor's or Master's degree in Computer Science, Information Security, or related field.
• 10+ years of experience in cybersecurity, with strong exposure to product/application security and engineering engagement.
• Proven experience working in or alongside product and engineering organizations in a SaaS or cloud environment.
• Deep understanding of: Secure SDLC and DevSecOps practices
• Application security (OWASP Top 10, threat modeling, secure coding)
• Vulnerability management and security testing tools (SAST, DAST, IAST)
• Strong ability to translate technical risks into product, customer, and business impact.
• Experience influencing cross-functional teams without direct authority.
• Experience with regulatory frameworks such as SOC 2, ISO 27001, and similar standards.

Nice To Haves

• Relevant certifications (CISSP, CISM, or CSSLP) preferred.

Responsibilities

• Act as the primary security advisor to Product Management and Engineering leadership.
• Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.
• Ensure security considerations are incorporated early in product design and planning processes.
• Translate technical security risks into product, customer, and business impact to support decision-making.
• Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.
• Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.
• Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.
• Drive consistent adoption and enforcement of security policies across all product teams.
• Establish a product-centric risk management framework, including risk identification, prioritization, and reporting.
• Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.
• Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.
• Deliver clear visibility of product security risk posture to executive leadership.
• Partner with Product Security and Engineering teams to promote adoption of secure-by-design and secure-by-default principles.
• Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).
• Advocate for scalable security tooling and automation that align with engineering workflows.
• Monitor and report on adherence to secure development standards.
• Provide security guidance on product and platform architecture decisions.
• Promote the use of secure design patterns, reference architectures, and reusable controls.
• Partner with engineering teams to evaluate and securely adopt new technologies, including cloud-native and AI/GenAI capabilities.
• Act as the business-facing security lead during significant product-related vulnerabilities or incidents.
• Ensure effective coordination and communication between security teams and product/engineering stakeholders.
• Provide oversight on prioritization and remediation of critical vulnerabilities.
• Build strong partnerships with Product Management, Engineering, Product Security, GRC, and Security Operations.
• Ensure security requirements are clearly defined, understood, and actionable within engineering processes.
• Act as the translation layer between technical security teams and business/product leadership.
• Partner with Product and GTM teams to represent Proofpoint’s product security posture in customer engagements.
• Support security reviews, audits, and customer inquiries related to product security.
• Ensure alignment between product security practices and customer expectations.
• Stay current with emerging threats and vulnerabilities relevant to SaaS and cloud-native products.
• Ensure new product initiatives (e.g., AI/GenAI) incorporate appropriate security controls and governance.
• Drive continuous improvement of product security practices through feedback and insights from the business.
• Lead through influence across product and engineering organizations without direct ownership of delivery teams.
• Foster a culture where security is embedded into product quality and engineering excellence.
• Drive accountability for security outcomes through governance, transparency, and partnership.

Benefits

• Competitive compensation
• Comprehensive benefits
• Career success on your terms
• Flexible work environment
• Annual wellness and community outreach days
• Always on recognition for your contributions
• Global collaboration and networking opportunities
• flexible time off
• a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year
• a three-week Work from Anywhere option