Job Description

This is an advanced individual contributor role focused on providing hands-on cybersecurity expertise and risk guidance in support of Pearson’s business units and technology teams. This role serves as a trusted security specialist and advisor, ensuring cybersecurity controls, risk management practices, and secure-by-design principles are effectively applied across products, platforms, and operations.

The BISO operates as a subject-matter expert, independently handling complex security tasks, analyzing risk, and supporting remediation efforts. The role regularly provides technical guidance, mentoring, and influence to engineers, architects, and product teams, but does not carry formal people management or executive decision-making authority

Typical activities include conducting and supporting risk assessments, reviewing security architecture and controls, assisting with incident response analysis, validating compliance evidence, and identifying patterns or gaps that require corrective action. Risk at this level is associated with incomplete implementation of controls, misinterpretation of findings, or delayed remediation, which the role mitigates through strong technical judgment and collaboration.

The BISO collaborates closely with Business Unit technology teams and enterprise security partners, helping ensure alignment with Pearson security standards while enabling innovation and customer trust.

Key Responsibilities

Security Advisory & Business Support

Act as a primary cybersecurity subject-matter expert for assigned Business Unit initiatives and technology teams.

Provide practical security guidance that helps teams design, build, and operate secure systems and products.

Support business and technology stakeholders by translating security requirements into actionable technical controls.

Risk Assessment & Management

Conduct and support security risk assessments, threat modeling, and control evaluations.

Partners with technology leads to identify, document, and track remediation actions for security risks.

Escalate material risks to appropriate enterprise security stakeholders when needed, ensuring accurate documentation and follow-through.

Secure Delivery & Change Enablement

Support the adoption of security-by-design practices throughout the technology and product lifecycles.

Review solution designs, architectures, and implementations to validate alignment with Pearson security standards.

Assist teams in understanding and integrating new security controls, tools, or processes.

Incident & Issue Support

Provide technical expertise during security incidents, investigations, and post-incident reviews.

Contribute to incident documentation, root cause analysis, and lessons learned, recommending improvements to prevent recurrence.

Assist with remediation of vulnerability findings and security issues.

Collaboration & Influence

Work closely with product managers, engineers, architects, and security colleagues to embed security controls into delivery workflows.

Serve as a trusted point of contact for security-related questions from internal teams and stakeholders.

Influence outcomes through expertise, data, and recommendations rather than authority.

Metrics, Documentation & Continuous Improvement

Contribute to security reporting, metrics, and dashboards by validating data accuracy and highlighting trends.

Identify recurring control gaps or process issues and recommend practical improvements

Support audits and compliance activities by preparing and reviewing evidence and responses.

Education

Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field preferred

Equivalent practical experience will be considered.

Experience

6–9 years of experience in cybersecurity, information security, IT risk, or related technical roles.

Demonstrated experience performing risk assessments, security reviews, vulnerability management, or incident support

Experience working with cross-functional technology teams in SaaS, platform, or enterprise environments

Proven ability to work independently on complex problems and influence outcomes through expertise

Experience working with Business Intelligence tools, Risk Management platforms and Vulnerability Management tools, CSPM, ASPM, CNAP etc.

Certifications (Preferred, Not Required)

CISSP, CISM, CRISC, or equivalent security certifications.

Cloud or platform security certifications are a plus.

Skills

Technical Expertise: Strong understanding of security controls, risk management, and secure system design.

Analytical Judgment: Ability to assess complex security findings and recommend effective remediation.

Influence & Collaboration: Works effectively across teams without formal authority.

Communication: Clearly explains security risks and solutions to technical and non-technical audiences.

Problem Solving: Independently addresses complex issues and identifies patterns and improvements.

Key Attributes

Credibility: Recognized as a knowledgeable and reliable security specialist.

Accountability: Follows through on risk and remediation activities with rigor.

Curiosity: Continuously develops cybersecurity expertise and stays current with evolving threats.

Collaboration: Builds strong working relationships across engineering, product, and security teams.

Impact-Oriented: Focuses on practical, risk-reducing outcomes that support the business.