Cyber Security Business Information Officer (BISO)

Are you ready to embed security by design and influence risk decisions at enterprise scale? Can you partner with senior leaders to turn cyber risk into trusted business outcomes? About Our Team The Business Information Security Office (BISO) team partners with business, product, and technology leaders to deliver measurable security outcomes that support enterprise objectives. We focus on managing complex risk, embedding secure‑by‑design practices, and driving long‑term cybersecurity maturity. Our work enables trusted innovation, operational resilience, and informed risk decision‑making across the organization. About the Role As a Business Information Security Officer (BISO), you act as the primary security partner for assigned business units, bridging business strategy and enterprise cybersecurity. You are accountable for planning and executing security initiatives that reduce risk, strengthen cyber defenses, and enable delivery at scale. The role is highly collaborative, advisory, and outcome‑focused—ensuring security is embedded early and pragmatically across products, platforms, and major initiatives. Responsibilities: Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships. Embed security early into business initiatives, product development, and technology delivery. Sponsor and support enterprise and business‑aligned security initiatives end‑to‑end. Provide expert security guidance across concurrent IT, engineering, and business projects. Oversee security assessments including vulnerability management, penetration testing, and third‑party risk. Translate security findings into prioritized, actionable remediation plans with clear ownership. Provide security input into solution architecture and major technology decisions. Serve as the security point of contact for customer‑facing inquiries, audits, and due‑diligence. Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes. Develop and report meaningful security metrics to inform leadership decisions and continuous improvement. Requirements: Several years’ experience in a BISO or senior security leadership / advisory role. Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC). Hands‑on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST). Experience embedding security into CI/CD pipelines and DevSecOps practices. Proven capability in risk assessments, threat modeling, and control gap analysis. Experience collaborating with SOC and Incident Response teams during security events. Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.). Ability to translate technical risk into clear, business‑relevant language. Strong stakeholder management skills with the ability to influence without authority. Bachelor’s degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar). We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120. Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here. Please read our Candidate Privacy Policy. We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. USA Job Seekers: EEO Know Your Rights. Elsevier is a global leader in advanced information and decision support for science and healthcare. We believe that by working together with the communities we serve, we can shape human progress to go further, happen faster, and benefit all. We support continuous discovery and uphold the highest standards of content integrity, reliability, and reproducibility so the communities we serve can advance their field of science, healthcare or innovation with confidence. By combining high-quality content with powerful analytics, we transform complexity into clarity and deliver mission-critical insights that help professionals make better decisions when it matters most. We deliver insights that help research institutions, governments, and funders achieve their goals. We help researchers discover and share knowledge, collaborate, and accelerate innovation. We help librarians provide verified, quality information to universities. We help innovators turn knowledge into new products. We help health professionals improve patient care and educators train the next generation of doctors and nurses. Connecting quality content and innovative technologies, we make progress go further and happen faster. And by championing inclusion and sustainability, we ensure progress benefits all. With 9,500 employees, over 2,300 technologists in 5 major tech hubs, and more than 60 locations across the globe, we are committed to supporting the scientific and healthcare communities around the world. We offer a diverse range of opportunities across technology, commercial, business, and early career jobs. If you are looking for a career that inspires progress in science, innovation and health, and allows you to grow every day, find your team at Elsevier. Elsevier is part of RELX Group. Let’s shape progress together. Join us. elsevier.com/about/careers