Business Information Security Officer

Business Information Security Officer (BISO)

• Act as the

  trusted advisor and security leader

  for designated business units or functions.
• Align security strategy with

  business goals

  , ensuring risk is proactively identified and mitigated.
• Partner with business executives, product leaders, and engineering teams to

  embed security into the development lifecycle and operations

  .
• support secure software development & Dev/Sec Ops for India based teams (coordinate through enterprise teams), data protection & privacy for insurance data in India, India specific vendor & third party risk management

Risk Management & Governance

• Lead

  risk assessments

  , threat modelling, and security posture reviews for key projects and processes.
• Third party risk management, and talent development & cybersecurity awareness in India
• Identify, prioritize, and communicate

  cybersecurity risks

  relevant to business functions.
• Ensure adherence to

  regulatory requirements (e.g., ISO 27001, SOC2, PCI-DSS, NIST)

  and internal security standards.
• Aligning security policies with Indian regulations and global insurance standards.

Security Programs & Initiatives

• Influence and drive security initiatives including

  cloud security, third-party risk, access controls, and data protection

  .
• Serve as the

  interface between business leadership and the InfoSec organization

  , translating technical risks into business impact language.
• Guide incident response and business continuity planning for critical business functions.

Culture, Awareness & Stakeholder Engagement

• Develop and deliver

  targeted security awareness programs

  for business unit personnel.
• Facilitate

  executive-level reporting and briefings

  on security posture, metrics, and risks.
• Foster a

  risk-aware, security-conscious culture

  across teams.

Qualifications

• 15+ years of experience in

  information security

  , IT risk management, or cyber risk consulting.
• At least 5+ years in

  leadership roles

  interfacing with executive business stakeholders.
• Proven experience in highly regulated industries (e.g., banking, insurance, healthcare, or technology).
• Experience with

  security in hybrid or cloud-native environments

  (e.g., AWS, Azure, GCP).

Education & Certifications

• Bachelors or Masters in Computer Science, Information Security, or related field.

• Preferred certifications

  : CISSP, CISM, CRISC, or CISA.

•  Key Competencies

• Deep knowledge of

  enterprise security architecture, cloud security, and data governance

  .
• Strong business acumen with ability to

  translate security into strategic risk insights

  .
• Excellent communication, influencing, and stakeholder management skills.
• Ability to balance

  risk mitigation with business enablement

  .

Key Success Metrics

• Business unit security posture improvement
• Risk reduction aligned to business initiatives
• Timely identification and resolution of security issues
• Executive stakeholder satisfaction and partnership quality

1