Business Information Security Officer (BISO)

Date:  Feb 20, 2025
Location: Salisbury, MD, US, 21804

Req ID:  75482
Job Function:  Information Technology

Perdue Farms is a family-owned food and agriculture company now in its second century of growth and innovation.  We were founded on trust—a value that carries through everything we do. Perdue Foods is a leader in Premium Proteins and Perdue AgriBusiness ranks among the top US grain companies. 

Summary

The Information Security Business Advisor plays a critical role in bridging the gap between cybersecurity and the business. This position is designed to ensure that information security practices align with business objectives while protecting sensitive data and systems from cyber threats. The Information Security Business Advisor works closely with IT leadership, business leads, and security teams to identify and mitigate security risks, support compliance, and foster a culture of security across the organization. The ideal candidate will have a strong technical foundation with cyber risk management experience and can partner with the Business to deliver secure outcomes.

 

The salary range for this position is $126,000 - $190,000 per year, based on experience and qualifications with annual bonus available (variable depending on performance). 

In addition to the base salary, Perdue offers a competitive benefits package, including medical/Rx, 401(k) with employer match after 1 year, critical illness, accident insurance, dental, vision, life insurance, optional group life insurance, short-term and long-term disability protection, flexible spending accounts and paid time off.

This position is based at Corporate Headquarters in Salisbury, MD.

Principal and Essential Duties & Responsibilities

  • Representing the Chief Information Security Officer (CISO) to Perdue’s business units, delivering comprehensive risk assessment and mitigation strategies to improve the overall cybersecurity maturity and posture of the company.
  • Coordinating the delivery of cyber service(s) to improve risk understanding and cyber-strategies across the enterprise.
  • Serve as a technical leader for periodic information system and application risk assessments, including those associated with the development of new or significantly improved business applications.
  • Serve as a security advisor to business leadership, helping them navigate complex cybersecurity challenges and decision-making processes.
  • Briefing business leadership and IT leaders on cybersecurity threats, initiatives, and open risks, and serving as a liaison to capture information on technology strategies within supported business lines.
  • Providing IT and business management with security guidance for selecting technology products, as well as ongoing integrations and improvements of such products.
  • Drive execution of internal cyber security services, projects, and assessments where needed to deliver capabilities to the business or internal cyber team to enhance cyber capabilities.
  • Assessing and qualifying risk related to third party services and supporting the Third-Party Risk Management program, including driving remediation of findings and supporting contract negotiations.
  • Act as a liaison during security incidents, helping business units respond effectively and minimize operational disruptions.
  • Lead post-incident reviews to identify root causes and recommend changes to improve the organization’s security posture.
  • Interpreting information security policies and standards (e.g., NIST, OWASP, PCI) with respect to specific internal information systems and assisting with implementation.
  • Monitoring current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, information security and privacy.

Minimum Education and Experience

  • Bachelor’s Degree or equivalent experience in Information Security, Computer Science, or related field.
  • 10-15 years of relevant professional experience, including 5+ years in impactful roles interacting with senior stakeholders in a cyber security or technology function.
  • At least one of the following: Certified Information System Security Professional (CISSP), Certified Information System Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or similar certification.
  • Proven experience in working with business leaders and functional teams to integrate security into business processes and decisions.
  • Strong project management skills with the ability to lead cross-functional teams and drive security initiatives to completion.
  • Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, incident management, vulnerability management, and data protection.
  • Detailed understanding of IT information security fundamentals, risk assessment and risk management fundamentals, defense-in-depth practices, modern networking technologies and IT security controls.
  • Experience engaging vendors and consultants to execute cyber assessments.
  • Experience with one or more of the following industry regulations and frameworks: NIST CSF, NIST 800, PCI-DSS, HIPAA, DHS-CFATS.

 

Key Attributes:

  • Strategic thinker with the ability to communicate and influence at both technical team and senior management levels.
  • Strong familiarity with information, application, and infrastructure security control mechanisms.
  • Strong understanding of privacy laws, data protection regulations, breach notification practices, and incident response management.
  • Ability to act as a trusted advisor and partner.

Environmental Factors and Physical Requirements

Position is mostly sedentary but may require occasional moving to other offices or buildings.  May need to move light equipment or supplies from one place to another. May need to access files, supplies and equipment.

 

Perdue Farms, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

