Cyber Security Business Information Security Officer – BISO

Company: Jobtailor
Apply for the Cyber Security Business Information Security Officer – BISO
Location: Oxford
Job Description:

Responsibilities

  • Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships.
  • Embed security early into business initiatives, product development, and technology delivery.
  • Sponsor and support enterprise and business‑aligned security initiatives end‑to‑end.
  • Provide expert security guidance across concurrent IT, engineering, and business projects.
  • Oversee security assessments including vulnerability management, penetration testing, and third‑party risk.
  • Translate security findings into prioritized, actionable remediation plans with clear ownership.
  • Provide security input into solution architecture and major technology decisions.
  • Serve as the security point of contact for customer‑facing inquiries, audits, and due‑diligence.
  • Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes.
  • Develop and report meaningful security metrics to inform leadership decisions and continuous improvement.

Requirements

  • Several years’ experience in a BISO or senior security leadership / advisory role
  • Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC)
  • Hands‑on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST)
  • Experience embedding security into CI/CD pipelines and DevSecOps practices
  • Proven capability in risk assessments, threat modeling, and control gap analysis
  • Experience collaborating with SOC and Incident Response teams during security events
  • Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.)
  • Ability to translate technical risk into clear, business‑relevant language
  • Strong stakeholder management skills with the ability to influence without authority
  • Bachelor’s degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar)

Hard Skills

  • cloud security
  • application security
  • risk assessments
  • threat modeling
  • control gap analysis
  • vulnerability management
  • penetration testing
  • secure SDLC
  • DevSecOps
  • security metrics

Soft Skills

  • stakeholder management
  • influence without authority
  • communication
  • collaboration
  • leadership
  • trust building
  • problem solving
  • risk acceptance
  • continuous improvement
  • documentation

Certifications & Qualifications

  • CISSP
  • CISM
  • GIAC
  • ISO 27001
  • NIST
  • CIS
  • GDPR

#J-18808-Ljbffr…

Posted: July 12th, 2026