Director Information Security Risk Management
Indexed description
You will act as the trusted advisor to senior business and technology leaders, translating enterprise security strategy into actionable guidance tailored to secure, cloud platforms and engineering practices. The BISO will drive alignment between business objectives and security requirements, ensuring risks are understood, communicated, and managed within the enterprise risk appetite.
Primary Responsibilities
- Drive Cloud Risk Governance: Establish and enforce cloud-aligned risk frameworks; operationalize controls mapped to standards (NIST, CIS, HIPAA) with measurable effectiveness
- Enable Proactive Risk Management: Leverage automation, analytics, and AI to identify, assess, and prioritize cloud risks for timely mitigation
- Deliver Data-Driven Outcomes: Define and track risk and control metrics; continuously improve vulnerability management and remediation through data-driven practices
- Enable Secure Cloud Engineering: Partner with engineering teams to embed security-by-design in architecture & CI/CD pipelines, ensuring secure configurations and scalable controls
- Act as Trusted Security Advisor: Build solid stakeholder relationships; balance risk, speed, and business priorities while aligning with enterprise strategy and risk appetite
- Primary Security Partner: Act as the single ESRO point of contact for business and cloud engineering; build solid stakeholder relationships
- Drive Security Adoption: Promote cloud security, secure development, and risk-informed decision-making across teams
- Align Security Practices: Integrate IRM objectives with cloud and engineering workflows; identify and address risks and control gaps
- Deliver Security Services: Lead cloud risk assessments, architecture reviews, compliance (ISMS, HITRUST), and vendor security evaluations
- Manage Demand & Prioritization: Align security efforts with business priorities and optimize resource allocation
- Enable Secure Cloud Architecture: Support design and implementation of secure cloud architectures and guardrails (AWS/Azure)
- Ensure Risk-Based Compliance: Enforce policies using a risk-based approach aligned to enterprise risk appetite
- Drive Control Effectiveness: Validate controls and lead remediation to improve security posture and reduce risk
- Provide Practical Advisory: Guide teams on scalable security solutions (IAM, encryption, network, vulnerability remediation)
- Communicate Clearly: Simplify and communicate risks, controls, and actions for technical and non-technical audiences
- Lead Security Initiatives: Drive and track cloud security posture and vulnerability reduction programs
- Support Incident Response: Partner on incident management, root cause analysis, and risk mitigation
- Leadership Contribution: Support broader enterprise security strategy and transformation initiatives
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
- 15+ years in Information Security across risk, cloud security, and architecture
- Experience in BISO / Security Consulting / Business Security Partner roles
- Proven experience embedding DevSecOps & security-by-design with engineering teams
- Experience with security assessments (ISMS, HITRUST, cloud, vendor risk)
- Experience improving cloud security posture (IAM, encryption, misconfigurations, network security)
- Exposure to automation/AI-driven risk insights (preferred)
- Solid hands-on expertise in AWS/Azure security architecture and controls
- Solid understanding of vulnerability management and remediation practices
- Familiarity with NIST, ISO 27001, CIS, HIPAA in cloud environments
- Demonstrated ability to translate technical risks into business decisions
- Proven solid stakeholder influence in matrixed/global environments
- Proven excellent communication skills across technical and business audiences
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search