
Business Information Security Officer – BISO
Posted 6 days ago

This is a fully remote position, open to applicants in Brazil.
• Collaborate with leaders, product owners, and engineering teams to identify, evaluate, and prioritize information security risks, converting technical threats into business impacts and actionable mitigation strategies.
• Act as the primary point of contact for security, offering strategic advice on security architecture, secure-by-design principles, threat modeling, and risk acceptance decisions for new products, features, and technology investments.
• Oversee security risk assessments for significant business initiatives and projects, M&A activities, third-party integrations, and cloud migrations, ensuring compliance with certifications (SOC 2, PCI-DSS), regulatory and client requirements, as well as internal security policies.
• Lead the implementation and ongoing enhancement of security controls, governance frameworks, and KPIs/KRIs, providing reports on the security posture of business units to executive leadership and relevant risk committees.
• Promote security awareness and culture throughout business units by spearheading training initiatives, tabletop exercises, and incident response simulations, while also facilitating real incident response coordination between business stakeholders and central security teams.
• A Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Systems, Engineering, or a related discipline. Relevant certifications such as CISSP, CISM, CRISC, CCSP, CISA, or cloud-specific security certifications (AWS/Azure/GCP) are highly preferred.
• Proficient in the English language, with the capability to convey security concepts effectively to both technical and non-technical audiences, including executive leadership.
• Extensive experience (8+ years) in information security, with a minimum of 3 years in security consulting, security architecture, or a senior Governance, Risk, and Compliance (GRC) role, preferably supporting product-driven or cloud-native organizations.
• Knowledgeable in security frameworks and standards, risk management methodologies, threat modeling, secure Software Development Life Cycle (SDLC) practices, and cloud security architecture.
• Familiar with Product and Cloud Engineering companies, including contemporary development practices such as DevSecOps, CI/CD pipelines, microservices, Kubernetes, infrastructure-as-code, and API security, and understanding how to integrate security without hindering delivery.
• Capable of working independently and managing multiple projects/roles concurrently, effectively balancing competing priorities across business units while maintaining strong stakeholder relationships and a strategic, outcomes-oriented approach.