Track Manager - Data security and compliance, Presales

HCL Technologies

Sales & Business Development, Compliance / Regulatory

Posted on Jun 8, 2026
Job Description
Others, Mazowieckie

Job Summary

Job Title: Business Information Security Officer (BISO / BSO)

Role Summary

The Business Information Security Officer (BISO/BSO) serves as the primary security liaison between the business, enterprise security, and GRC functions. The role ensures that information security risks are appropriately identified, assessed by accountable teams (e.g., GRC, vendor risk, compliance), clearly communicated to business stakeholders, and effectively acted upon. The BISO enables secure-by-design execution across business initiatives while ensuring alignment with enterprise security frameworks and regulatory requirements such as ISO 27001, SOC 2, NIST, and FedRAMP.

Key Responsibilities

1. Secure-by-Design Advisory & Consulting

Act as a trusted security advisor to business and delivery teams, embedding security-by-design principles into initiatives from early design stages. Translate enterprise security standards and regulatory requirements (ISO 27001, SOC 2, NIST, FedRAMP) into actionable guidance and security user stories. Collaborate with architecture, engineering, and security teams to ensure security requirements are understood and incorporated into solution design.

2. SDLC Security Enablement (Coordination Role)

Ensure security requirements are integrated into SDLC processes for in-scope applications. Coordinate with GRC, application security, and engineering teams to ensure security assessments, control validation, and remediation activities are executed. Track security findings and ensure remediation plans are clearly understood and actioned by delivery teams.

3. Third-Party Risk & Due Diligence Coordination

Act as the business-facing liaison for third-party risk management activities conducted by GRC and vendor risk teams. Ensure due diligence requests are completed by relevant stakeholders and that outcomes are communicated in business terms. Facilitate business understanding of vendor risk posture and support informed risk decisions.

4. Divestiture / Transformation Support (Orthopedic Programs)

Support security activities for orthopedic divestiture and transformation initiatives. Coordinate across IT, GRC, security, and business teams to ensure security requirements are addressed during transition planning and execution. Ensure alignment with enterprise security frameworks and regulatory obligations throughout the transformation lifecycle.

5. Physical Site Security Coordination

Support physical security assessments for scoped orthopedic sites conducted by appropriate security teams. Ensure findings, gaps, and remediation actions are clearly communicated to business and site leadership. Track remediation progress and support closure of identified risks.

6. Risk Governance, Communication & Collaboration

Facilitate security risk acknowledgement and decision-making discussions between GRC and business stakeholders. Ensure risks, control gaps, and mitigation plans are clearly understood and appropriately documented. Enable risk acceptance processes by ensuring business stakeholders are informed and aligned. Collaborate across multiple teams (GRC, IT, engineering, legal, compliance, and business units) to ensure coordinated security outcomes.

Key Responsibilities

Key Deliverables

Security-by-design guidance aligned to ISO 27001, SOC 2, NIST, and FedRAMP frameworks
Coordinated tracking of SDLC security activities and remediation status
Third-party risk communication summaries (from GRC outputs)
Divestiture security coordination artifacts and transition support documentation
Physical site assessment coordination reports and action tracking
Risk acknowledgement and acceptance documentation
Executive-level security status reporting for business stakeholders

Core Competencies

Strong understanding of enterprise security frameworks: ISO 27001, SOC 2, NIST, FedRAMP
Excellent stakeholder management and cross-functional collaboration skills
Ability to translate technical risk into business impact and decision-ready language
Strong coordination and facilitation capability (not execution ownership of assessments)
Familiarity with SDLC, application security, and enterprise risk management concepts
Ability to operate effectively in complex, matrixed organizations

Preferred Experience

Prior experience in BISO / BSO / security advisory / risk liaison roles
Experience in regulated or large enterprise environments
Exposure to transformation programs (divestiture, mergers, large-scale transitions)
Working knowledge of cloud and hybrid environments aligned to compliance frameworks

Skill Requirements

1. Excellent knowledge of security technologies, GRC platforms (such as Archer, ServiceNow GRC), and security operations processes.
2. Advanced skills in developing and presenting security solution proposals, including technical documentation and executive-level presentations.
3. Excellent communication, stakeholder management, and leadership skills, with the ability to drive high-impact initiatives and mentor teams.
4. Strong analytical and problem-solving abilities in the context of security and GRC operations.

Other Requirements

1. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) - optional but valuable.
2. Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA) - optional but valuable.

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Benefits

At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:

Industry-benchmarked compensation

Best-in-class healthcare benefits

Personal time off

Maternity and paternity benefits

Access to skills / higher education programs/resources

Discounts on products and services via Benefit Box

Participate in CSR programs and live life with a purpose

Opportunities to grow and advance your career

Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.