Role: Business Information Security Officer
Company: Pearson
Location: North Carolina, Durham - Hybrid
Job Overview:
The Business Information Security Officer (BISO) is a key leadership role responsible for ensuring that the cybersecurity strategy aligns with the business objectives. The BISO serves as the primary liaison between the business unit(s) and the cybersecurity organization, facilitating communication, risk management, and the integration of security into business processes and technology solutions. The ideal candidate will possess a blend of technical expertise, business acumen, and strong communication skills.
Key Responsibilities:
Liaison Role: Act as the primary point of contact between the business unit(s) and the cybersecurity organization, ensuring alignment of security initiatives with business goals.
Risk Management: Identify, assess, and communicate cybersecurity risks to business leaders, providing strategic advice on mitigating risks and ensuring compliance with cybersecurity policies and standards.
Consulting and Advising: Provide expert guidance on cybersecurity and compliance matters to business leaders and teams, including advising on security controls, regulatory compliance, and incident response.
Strategic Alignment: Work closely with business leaders to integrate cybersecurity into business processes, technology roadmaps, and projects from inception to completion. Support ongoing security tasks in business-as-usual functions.
Incident Management: Support the organization’s incident response efforts by coordinating with business units to ensure timely and effective response to security incidents.
Security Awareness: Promote and enhance a strong security culture within the business unit(s) by leading security awareness programs and training initiatives.
Third-Party Risk Management: Collaborate with procurement and vendor management teams to assess and manage cybersecurity risks associated with third-party vendors.
Metrics and Reporting: Develop and present cybersecurity metrics and reports to business leaders, ensuring they have the necessary information to make informed decisions.
Continuous Improvement: Stay abreast of the latest cybersecurity trends, threats, and technologies, and continuously seek opportunities to enhance the organization’s security posture.
Qualifications:
Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master’s degree or MBA is a plus.
Experience:
7+ years of experience in cybersecurity, IT risk management or related fields.
5+ years of leadership experience within a business-focused security role.
Proven track record of aligning security strategies with business objectives.
Certifications: Relevant certifications such as CCNA & Microsoft Certified, CISSP, CISM, CRISC, CISA or equivalent are highly desirable but not required.
Skills:
Technical Expertise: Strong understanding of cybersecurity frameworks, technologies, and best practices.
Cisco Infrastructure: Experience with Cisco infrastructure and security capabilities. Detailed experience with Azure, Office 365 and supporting Microsoft technologies.
Business Acumen: Ability to understand and align with the business’s strategic objectives and challenges.
Communication: Excellent verbal and written communication skills, with the ability to translate technical concepts into business language.
Leadership: Proven ability to lead cross-functional teams and influence without direct authority.
Problem-Solving: Strong analytical and problem-solving skills, with a proactive approach to identifying and mitigating risks.
Relationship Management: Ability to build strong relationships with business leaders and stakeholders, fostering trust and collaboration.
Preferred Qualifications:
Experience in the education industry is highly desirable.
Cloud and data quality experience
Knowledge of regulatory requirements relevant to the industry, such as GDPR, HIPAA, PCI-DSS, etc.
Familiar with various NIST frameworks including NIST , NIST 800-30 and NIST RMF.
Experience working in a matrixed organization with multiple lines of business.
Key Attributes:
Credibility: Establishes themselves as a trusted cybersecurity expert within the business.
Reliability: Consistently provides clear, actionable guidance to business partners.
Adaptability: Thrives in a dynamic, fast-paced environment with shifting priorities.
Strategic Vision: Balances short-term needs with long-term objectives, ensuring the security strategy supports business growth and innovation.
What to expect from Pearson
Did you know Pearson is one of the 10 most innovative education companies of 2022?
At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson.
We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.
Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.
To learn more about Pearson’s commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.
Job: GENERAL BUSINESS OPERATIONS
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 17402