Business Information Security Officer (BISO) for TIO (Technology Infrastructure and Operations)
We are not looking to hire a CISO, as this BISO role will report to our CISO.
Requirements
- Possess a strong proficiency with AWS services (EC2, S3, IAM, Lambda, CloudTrail, CloudWatch, KMS, GuardDuty, Security Hub, WAF, etc.).
- Have the ability to design secure, scalable cloud architectures with proper identity, access management, and network segmentation.
- Experience with AWS Config, AWS Control Tower, or Terraform for compliance automation and infrastructure as code (IaC).
- Possess an understanding of Kubernetes (EKS), Docker, and container image scanning tools.
- Hands-on experience integrating security controls into Jenkins, GitHub Actions, or GitLab CI pipelines.
- Familiarity with code scanning tools (Snyk, SonarQube, Checkmarx, or Veracode) and dependency management.
- Scripting proficiency (Python, Bash, or PowerShell) to automate security testing and compliance checks.
- Experience implementing vault solutions (HashiCorp Vault, AWS Secrets Manager).
- Ability to translate technical risks into business terms for senior stakeholders and non-technical leaders.
- Experience partnering with IT, Cloud, and Business Units to embed security in strategic initiatives.
- Experience leading security programs, tracking KPIs and metrics, and ensuring timely delivery of remediation plans, as well as designing and delivering cybersecurity awareness programs tailored to business functions.
Responsibilities
- Driving information, cyber, and infrastructure security governance across all business and technology units, ensuring alignment with enterprise cybersecurity programs, objectives, and regulatory requirements.
- Serving as the primary liaison between Business Units, Cloud Engineering, and the Cyber Security organization to embed security awareness and best practices into AWS cloud operations, CI/CD pipelines, and DevOps workflows.
- Leading cloud security oversight for AWS environments, including configuration management, identity and access controls, encryption, and compliance with organizational policies and industry standards (ISO 27001, NIST, SOC 2).
- Managing and coordinating technical risk assessments — including vulnerability scanning, penetration testing, and application risk reviews — to ensure secure deployment across cloud and hybrid infrastructures.
- Overseeing the security posture of CI/CD pipelines (Jenkins, GitHub Actions, or similar), integrating automated scanning tools and secure code validation into build and deployment processes.
- Collaborating with DevOps and Infrastructure teams to define and implement secure-by-design practices for containerized workloads, Kubernetes clusters, and AWS-native services (EKS, EC2, S3, Lambda).
- Defining and executing a risk-based information and infrastructure security strategy, including setting measurable goals, developing security training programs, and creating roadmaps for improving DevSecOps maturity.
- Developing and reporting cybersecurity metric scorecards to track compliance with enterprise standards, vulnerability remediation progress, and adoption of security controls across business and cloud environments.
- Providing expert guidance on security architecture decisions, evaluating new tools and technologies for impact on cloud environments, automation frameworks, and enterprise security strategy.
- Leading cross-functional security initiatives to ensure business innovation aligns with secure architecture principles, risk management standards, and ongoing governance frameworks.