Senior Director, Business Information Security Officer; BISO

About Us

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is to safeguard the digital world and empower people to work securely and confidently.

At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values:

• Bold in how we dream and innovate
• Responsive to feedback, challenges and opportunities
• Accountable for results and best in class outcomes
• Visionary in future‑focused problem‑solving
• Exceptional in execution and impact

Proofpoint is a leading cybersecurity company focused on protecting organizations’ greatest assets—their people. Through advanced threat intelligence, protection, and mitigation services, we safeguard sensitive information from today’s most sophisticated attacks. As the Senior Director, BISO, you will play a key role in ensuring that security enables product innovation, engineering velocity, and customer trust.

The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint’s product and engineering organizations. This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk management practices are effectively defined, adopted, and operationalized within the software development lifecycle.

The BISO is accountable for ensuring that product and engineering teams understand, adopt, and adhere to security requirements, enabling secure‑by‑design product development at scale.

• Act as the primary security advisor to Product Management and Engineering leadership.
• Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.
• Ensure security considerations are incorporated early in product design and planning processes.
• Translate technical security risks into product, customer, and business impact to support decision‑making.

• Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.
• Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.
• Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.
• Drive consistent adoption and enforcement of security policies across all product teams.

• Establish a product‑centric risk management framework, including risk identification, prioritization, and reporting.
• Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.
• Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.
• Deliver clear visibility of product security risk posture to executive leadership.

• Partner with Product Security and Engineering teams to promote adoption of secure‑by‑design and secure‑by‑default principles.
• Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).
• Advocate for scalable security tooling and automation that align with engineering workflows.
• Monitor and report on adherence to secure development standards.

• Provide security guidance on product and platform architecture decisions.
• Promote the use of secure design patterns, reference architectures, and reusable controls.
• Partner with engineering teams to evaluate and securely adopt new technologies, including cloud‑native and AI/GenAI capabilities.