🚀 Role Summary

The Business Information Security Officer (BISO/BSO) acts as the primary security liaison between business units, enterprise security, and GRC functions.

This role is responsible for ensuring that information security risks are identified, assessed, communicated, and effectively managed, while embedding secure-by-design principles across business initiatives.

The BISO will ensure alignment with enterprise security frameworks such as ISO 27001, SOC 2, NIST, and FedRAMP.

🔧 Key Responsibilities

1. Security Advisory & Secure-by-Design

• Act as a trusted advisor to business and delivery teams
• Embed security-by-design principles from early stages of programs
• Translate security frameworks (ISO 27001, SOC 2, NIST, FedRAMP) into actionable requirements
• Collaborate with architecture and engineering teams to incorporate security into solutions

2. SDLC Security Enablement

• Ensure security requirements are integrated into SDLC processes
• Coordinate with GRC, AppSec, and engineering teams
• Track security findings and ensure remediation plans are executed

3. Third-Party Risk Management

• Act as liaison for vendor risk and due diligence activities
• Ensure completion of risk assessments by stakeholders
• Communicate vendor risk posture in business-friendly terms
• Support informed risk-based decision-making

4. Transformation & Divestiture Support

• Support security activities for transformation and divestiture programs
• Coordinate across IT, business, GRC, and security teams
• Ensure compliance with security frameworks during transitions

5. Physical Security Coordination

• Support site-level security assessments
• Communicate gaps and remediation plans
• Track progress and ensure risk closure

6. Risk Governance & Stakeholder Collaboration

• Facilitate risk discussions and decision-making
• Ensure risks and mitigation plans are clearly documented
• Support risk acceptance and governance processes
• Collaborate across IT, GRC, legal, compliance, and business units

📊 Key Deliverables

• Security-by-design guidance aligned with enterprise frameworks
• SDLC security tracking and remediation reports
• Third-party risk summaries
• Transformation security documentation
• Risk acknowledgement and acceptance records
• Executive-level security reporting

🛠️ Core Competencies

• Strong knowledge of:
• ISO 27001, SOC 2, NIST, FedRAMP
• Excellent stakeholder management and communication skills
• Ability to translate technical risks into business impact
• Strong coordination and facilitation skills
• Understanding of SDLC, AppSec, and enterprise risk management
• Ability to operate in complex, matrix organizations

⭐ Preferred Experience

• Experience in BISO / BSO / Security Advisory roles
• Experience in large enterprise or regulated environments
• Exposure to divestiture, transformation, or migration programs
• Knowledge of cloud and hybrid security environments

🌟 What We’re Looking For

✔️ Strong leadership and stakeholder engagement

✔️ Business-focused approach to security

✔️ Ability to influence without direct authority

✔️ Strategic thinking with operational execution