Job Description

This role aligns to industry-level title such as Business Information Security Officer (BISO), is a leadership role focused on providing security guidance to the whole of Pearson. This individual serves as the primary security leader and strategic partner for the assigned Business Unit(s), ensuring cybersecurity is integrated into divisional operations, product delivery, and customer trust.

BISOS are trusted technical leads, regularly delivering complex tasks, leading vulnerability management efforts, and ensuring security architecture is executed to high standards. They are points of contact for teams requiring in-depth guidance on responding to incidents or remediating problematic findings. While acting as technical mentors, their primary attention is on ensuring controls are applied effectively, compliance checks are accurate, and projects achieve desired outcomes with minimal risk. Typical activities involve supporting project planning, drafting incident case reports, and recommending process improvements based on identified trends. Risk at this stage centers on incomplete application of controls or misunderstanding root causes, which could delay remediation or allow issues to persist unnoticed.

This role is responsible for shaping divisional security governance, managing risk, and driving security initiatives that enable innovation while protecting Pearson’s global testing and assessment platform. The BISO will directly engage with Business Unit (BU) leadership and technology teams, while also collaborating with enterprise security and business stakeholders to ensure seamless alignment.

Key Responsibilities:

Strategic Leadership & Business Partnership

• Act as the executive-level cybersecurity advisor to BU leadership, ensuring security priorities align with divisional strategy.
• Serve as the bridge between BU technology teams, divisional stakeholders, and the Office of CISO.

Governance & Alignment

• Lead monthly divisional governance meetings with leadership to report on risks, controls, and ongoing initiatives.
• Ensure consistent alignment between BU and enterprise security objectives, embedding security into the division’s product and technology roadmap.

Risk Management

• Oversee divisional risk assessments and drive mitigation strategies in partnership with technology leads.
• Escalate and track risks to the enterprise level where needed, ensuring visibility and accountability.

Security Change Leadership

• Drive adoption of new security capabilities and processes within the assigned Business Unit or division.
• Ensure security by design is built into technology lifecycle, protecting customer trust and business operations.

Collaboration & Stakeholder Engagement

• Partner with product managers, architects, engineers, and business leaders to integrate security controls into product delivery.
• Serve as the trusted point of contact for security inquiries from regulators, partners, and customers specific to.

Metrics & Reporting

• Develop divisional security dashboards and report progress to enterprise leadership.
• Provide visibility into divisional risk posture, control maturity, and ongoing improvement initiatives.

Education:

• Bachelor’s degree in Cybersecurity, Information Systems, or related field. Master’s degree or MBA strongly preferred.

Experience:

• 10+ years in cybersecurity, IT risk, or related fields.
• 8+ years in senior leadership roles, preferably within high-stakes technology divisions (testing, SaaS, or global platforms).
• Proven success in aligning security strategy with business objectives.
• Experience engaging directly with executive and customer stakeholders.
• CISSP, CISM, CRISC Certifications or equivalent required.

Skills:

• Executive Leadership: Trusted advisor to divisional and enterprise leadership.
• Business Acumen: Deep understanding of business operations and customer trust requirements.
• Risk Expertise: Advanced knowledge of enterprise risk frameworks and divisional application.
• Communication: Executive-level communication with business and technical leaders.
• Change Leadership: Ability to influence divisional adoption of security initiatives.

Key Attributes:

• Credibility: Trusted leader who brings authority and influence to divisional conversations.
• Reliability: Ensures risks and initiatives are managed with rigor and accountability.
• Vision: Shapes business’s security strategy to balance innovation and risk.
• Collaboration: Builds partnerships across business and technical teams.