Responsibilities
- Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships.
- Embed security early into business initiatives, product development, and technology delivery.
- Sponsor and support enterprise and business‑aligned security initiatives end‑to‑end.
- Provide expert security guidance across concurrent IT, engineering, and business projects.
- Oversee security assessments including vulnerability management, penetration testing, and third‑party risk.
- Translate security findings into prioritized, actionable remediation plans with clear ownership.
- Provide security input into solution architecture and major technology decisions.
- Serve as the security point of contact for customer‑facing inquiries, audits, and due‑diligence.
- Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes.
- Develop and report meaningful security metrics to inform leadership decisions and continuous improvement.
Requirements
- Several years’ experience in a BISO or senior security leadership / advisory role
- Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC)
- Hands‑on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST)
- Experience embedding security into CI/CD pipelines and DevSecOps practices
- Proven capability in risk assessments, threat modeling, and control gap analysis
- Experience collaborating with SOC and Incident Response teams during security events
- Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.)
- Ability to translate technical risk into clear, business‑relevant language
- Strong stakeholder management skills with the ability to influence without authority
- Bachelor’s degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar)
Hard Skills
- cloud security
- application security
- risk assessments
- threat modeling
- control gap analysis
- vulnerability management
- penetration testing
- secure SDLC
- DevSecOps
- security metrics
Soft Skills
- stakeholder management
- influence without authority
- communication
- collaboration
- leadership
- trust building
- problem solving
- risk acceptance
- continuous improvement
- documentation
Certifications & Qualifications
- CISSP
- CISM
- GIAC
- ISO 27001
- NIST
- CIS
- GDPR
#J-18808-Ljbffr…
