Business Information Security Officer (~130K+)
The Business Information Security Officer (BISO) plays a critical role in aligning cybersecurity strategies with business objectives. This position involves managing cyber risks, ensuring compliance with security policies, fostering a strong risk-aware culture, and acting as a trusted advisor to business and IT teams.
About the role
- Cyber Risk Management:
  - Identify, evaluate, and communicate cyber risks impacting the business and critical support functions in alignment with the organization’s cyber risk management framework.
  - Develop and maintain the cyber risk profile for business units and/or critical support functions, ensuring risk treatment plans are clearly defined, adequately funded, and closely monitored.
  - Represent the Cyber Security Department in non-financial risk committees led by the business or critical support functions, providing advisory support, presenting cyber risk profiles, and highlighting material risks as well as relevant updates.
  - Provide guidance to the business and critical support functions regarding updates to the organization’s cyber security policies and standards, ensuring adoption plans are developed, funded, and executed.
- Business-Cyber Security Alignment:
  - Integrate cyber security considerations into the strategies, objectives, projects, and day-to-day operations of business units and/or critical support functions.
  - Ensure that the organization’s cyber security strategies, policies, standards, and solutions align with the goals, challenges, and regulatory requirements of the business and support functions.
  - Ensure compliance with the organization’s cyber security policies and standards across all processes and systems.
  - Promote cyber risk awareness and foster a strong cyber security culture within the business and/or critical support functions by leveraging existing cyber awareness and training programs.
  - Act as a liaison for business units to communicate their needs and drive awareness of the Cyber Security program, promoting the adoption of security controls across the organization.
  - Advocate for modern Agile InfoSec practices, balancing security requirements with business agility through a pragmatic, risk-based approach.
  - Ensure seamless integration of Cyber Security controls by fostering collaboration between Cyber Security and Business stakeholders.
- Stakeholder Collaboration and Communication:
  - Serve as a trusted cyber security advisor, building strong partnerships between Cyber Security, Business, and IT teams.
  - Simplify complex security concepts and requirements into actionable, business-friendly guidance.
  - During cyber security incidents, provide periodic situational updates to the business and/or critical support functions, continuously assessing the business impact.
  - Prepare clear, concise updates on cyber risk profiles, strategies, policies, and standards, tailoring communication for non-financial risk committee members.
About You
- Bachelor’s degree in Computer Science, IT, or a related field (Master’s degree preferred).
- Over 10 years of experience in cyber risk management, governance, or related fields.
- Exceptional communication skills, with the ability to simplify technical concepts for diverse audiences.
- Proven expertise in engaging stakeholders, including senior executives and board members.
- Demonstrated success in building business partnerships and fostering a strong risk-aware culture.
- Outstanding English writing and verbal communication skills, with the ability to present complex ideas to non-technical audiences.
- In-depth knowledge of key cyber control domains, risk management frameworks, governance practices, and GRC tools.
- Strong organizational skills, with the ability to manage multiple responsibilities while maintaining attention to detail.
- Excellent relationship-building and stakeholder management capabilities.
About the job
Contract Type: Perm
Specialism: Tech & Transformation
Focus: Cyber Security
Industry: IT
Salary: HKD110,000 - HKD130,000 per month
Workplace Type: On-site
Experience Level: Associate
Location: Hong Kong
Employment Type: Full-time
Job Reference: BSLLG1-6F07F7A1
Date posted: 25 February 2026
Consultant: Crystal He
Robert Walters: https://www.robertwalters.com.hk