Job Description

Senior Manager (level) Program Leader / Business Information Security Officer

• Full-time/Regular/Direct Hire role
• No VISA Sponsorship / US Citizen or Green Card holders only
  
• Location: (Remote - Occasional onsite in Malvern, PA)
• Travel (2-3 days/per year)

We are seeking an experienced Business Information Security Officer (BISO) Program Leader to oversee and enhance a business-aligned security program within a large enterprise environment. This senior leadership role acts as a trusted advisor between business units, risk teams, and security organizations to guide cybersecurity strategy, governance, and risk mitigation initiatives.

The Program Leader will manage program operations, scale security initiatives across multiple business areas, and provide thought leadership to improve security maturity and operational efficiency.

Key Responsibilities:

• Lead a team providing consulting and advisory services to business units, ensuring alignment between security initiatives and organizational goals.
• Embed security risk management into core business processes; identify, prioritize, and mitigate security risks collaboratively with business and security partners.
• Advise on the organizations security risk posture; develop and communicate metrics, dashboards, and executive reports to senior leadership.
• Define security goals and acceptable risk parameters; recommend changes to processes, systems, platforms, and technology based on risk assessments.
• Coordinate enterprise security policies, gather input from business stakeholders, and guide policy updates or changes.
• Monitor and share emerging security trends with peers and industry specialists to maintain a forward-looking security posture.
• Drive the evolution of the business information security program through strategic initiatives and best practices.

Qualifications:

Experience & Education:

• 8+ years of relevant experience, with at least 3 years in security and compliance leadership roles.

• Undergraduate degree required; graduate degree preferred.

Certifications:

• CISSP and/or CISM required within the first year of employment.

Skills & Expertise:

• Proven experience designing, implementing, and scaling a BISO or similar business-aligned security program.
• Deep understanding of risk management frameworks, regulatory requirements (e.g., SOX, HIPAA, GDPR), and enterprise control environments.
• Strong business acumen with the ability to translate security needs into actionable, business-relevant strategies.
• Familiarity with security frameworks (NIST CSF, ISO 27001, CIS Controls) and enterprise security tools (SIEM, DLP, IAM). AI security knowledge is a plus.
• Experienced in establishing governance, performance metrics, and maturity models to track program effectiveness.
• Exceptional communication, influencing, and stakeholder engagement skills.
• Proven project and resource management experience, including budget oversight and leading cross-functional teams.

Keywords (ATS-friendly): BISO, Business Information Security Officer, Security Program Management, Enterprise Security, Cybersecurity, Risk Management, Governance, Compliance, Security Frameworks, NIST CSF, ISO 27001, CIS Controls, SIEM, DLP, IAM