Serve as the strategic bridge between business/IT stakeholders and security teams
Own and drive secure architecture reviews
Evaluate proposed technical designs and system integrations
Support comprehensive risk assessments, including threat modeling and control gap analysis
Propose and validate risk mitigation and treatment strategies
Support and advance the organization's Governance, Risk, and Compliance (GRC) program
Act as the authoritative resource for security architecture and risk management across business initiatives
Communicate complex security architecture risks and GRC findings in business terms
Drive the development and maintenance of dashboards and reports tracking key risk indicators
Requirements
Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field
7–10 years of progressive experience in security architecture, IT risk management, and/or GRC
Deep knowledge of cybersecurity frameworks and regulatory standards including OWASP, NIST CSF, NIST 800-53, ISO 27001/27002, SOC 2, GDPR, and HIPAA
Demonstrated experience designing and reviewing secure architectures across cloud (AWS, Azure, GCP), hybrid, and on-premises environments
Proven ability to conduct threat modeling, risk quantification, and control assessments for complex enterprise environments
Hands-on experience with GRC platforms and tools (e.g., ServiceNow, Archer, OneTrust, or similar)
Ability to influence cross-functional teams and communicate security architecture and risk concepts — both verbally and in writing — to business leaders, technical teams, and executive stakeholders
Experience developing and maintaining security policies, standards, and risk registers