Cyber Security Business Information Officer (BISO)

As a Business Information Security Officer (BISO), you act as the primary security partner for assigned business units, bridging business strategy and enterprise cybersecurity. You are accountable for planning and executing security initiatives that reduce risk, strengthen cyber defenses, and enable delivery at scale. The role is highly collaborative, advisory, and outcome-focused-ensuring security is embedded early and pragmatically across products, platforms, and major initiatives.,

• Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships.
• Embed security early into business initiatives, product development, and technology delivery.
• Sponsor and support enterprise and business-aligned security initiatives end-to-end.
• Provide expert security guidance across concurrent IT, engineering, and business projects.
• Oversee security assessments including vulnerability management, penetration testing, and third-party risk.
• Translate security findings into prioritized, actionable remediation plans with clear ownership.
• Provide security input into solution architecture and major technology decisions.
• Serve as the security point of contact for customer-facing inquiries, audits, and due-diligence.
• Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes.
• Develop and report meaningful security metrics to inform leadership decisions and continuous improvement.
  
  Several years' experience in a BISO or senior security leadership / advisory role.
• Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC).
• Hands-on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST).
• Experience embedding security into CI/CD pipelines and DevSecOps practices.
• Proven capability in risk assessments, threat modeling, and control gap analysis.
• Experience collaborating with SOC and Incident Response teams during security events.
• Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.).
• Ability to translate technical risk into clear, business-relevant language.
• Strong stakeholder management skills with the ability to influence without authority.
• Bachelor's degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar).