×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior Director, Business Information Security Officer; BISO

Job in Sunnyvale, Santa Clara County, California, 94087, USA
Listing for: Proofpoint
Full Time position
Listed on 2026-06-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 150000 - 200000 USD Yearly USD 150000.00 200000.00 YEAR
Job Description & How to Apply Below
Position: Senior Director, Business Information Security Officer (BISO)

Senior Director, Business Information Security Officer (BISO) – Product & Engineering

Location:

Sunnyvale, CA
• Department:
Information Security


Reports to:

Chief Information Security Officer (CISO).

Job Summary

The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint’s product and engineering organizations. This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk‑management practices are effectively defined, adopted, and operationalized within the software development lifecycle, enabling secure‑by‑design product development at scale.

Key Responsibilities
  • Strategic Security Partnership with Product & Engineering
    • Act as the primary security advisor to Product Management and Engineering leadership.
    • Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.
    • Ensure security considerations are incorporated early in product design and planning processes.
    • Translate technical security risks into product, customer, and business impact to support decision‑making.
  • Security Policy, Standards & Governance
    • Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.
    • Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.
    • Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.
    • Drive consistent adoption and enforcement of security policies across all product teams.
  • Product Security Risk Management & Oversight
    • Establish a product‑centric risk‑management framework, including risk identification, prioritization, and reporting.
    • Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.
    • Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.
    • Deliver clear visibility of product security risk posture to executive leadership.
  • Secure Development Enablement
    • Promote adoption of secure‑by‑design and secure‑by‑default principles.
    • Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).
    • Advocate for scalable security tooling and automation that align with engineering workflows.
    • Monitor and report on adherence to secure development standards.
  • Security Architecture & Design Influence
    • Provide security guidance on product and platform architecture decisions.
    • Promote use of secure design patterns, reference architectures, and reusable controls.
    • Partner with engineering teams to evaluate and securely adopt new technologies, including cloud‑native and AI/GenAI capabilities.
  • Security Incident & Vulnerability Governance (Product‑Focused)
    • Act as the business‑facing security lead during significant product‑related vulnerabilities or incidents.
    • Ensure effective coordination and communication between security teams and product/engineering stakeholders.
    • Provide oversight on prioritization and remediation of critical vulnerabilities.
  • Cross‑Functional Collaboration
    • Build strong partnerships with Product Management, Engineering, Product Security, GRC, and Security Operations.
    • Ensure security requirements are clearly defined, understood, and actionable within engineering processes.
    • Act as the translation layer between technical security teams and business/product leadership.
  • Customer Trust & Product Security Representation
    • Partner with Product and GTM teams to represent Proofpoint’s product security posture in customer engagements.
    • Support security reviews, audits, and customer inquiries related to product security.
    • Ensure alignment between product security practices and customer expectations.
  • Innovation & Emerging Technologies
    • Stay current with emerging threats and vulnerabilities relevant to SaaS and cloud‑native products.
    • Ensure new product initiatives (e.g., AI/GenAI) incorporate appropriate security controls and governance.
    • Drive…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search