Business Information Security Officer (BISO)
Job description
TL;DR
Business Information Security Officer (BISO): Developing and executing information security strategy across technology, process, and culture, with an emphasis on enterprise security architecture standards, compliance programs, and risk/vulnerability management. Focus on driving incident response, data loss prevention, and regulatory/client reporting while evolving security direction to meet domestic and international cyber security and privacy requirements.
Location: San Diego, California, United States
Salary: $150,000–$190,000
Company
delivers secure digital business enablement across data center, network, security, cloud, and communications domains.
What you will do
- Develop, drive, and implement the client's overall information security program (goals, objectives, policies) and set departmental priorities.
- Define consistent security architecture standards and implement technical controls aligned with best-in-class security and privacy practices.
- Lead domestic and international security initiatives to meet emerging cybersecurity requirements, data protection, and privacy laws.
- Implement and coordinate approved security policies and procedures; monitor compliance including third-party compliance.
- Oversee incident response planning, data loss prevention, and breach remediation as the focal point for response delivery.
- Run ongoing risk assessments and vulnerability testing; ensure remediation plans for high-risk applications are tracked to completion.
Requirements
- Cyber compliance and regulatory compliance experience specifically with NIST 800-171, CMMC, and DFARS.
- 10+ years of cybersecurity experience, ideally in the oil industry or Defense Industrial Base sector, with a background in security and compliance.
- Proven ability to assess threats and vulnerabilities from both business and technical perspectives.
- Experience building a strategic, comprehensive enterprise information security, IT risk, and privacy management program.
- Ability to communicate and engage effectively with technical and non-technical audiences, including executives and vendors/providers.
- Self-starter who can lead tasks independently.
Culture & Benefits
- 100% paid medical, dental, and vision for the employee.
- 401(k) with employer match and performance bonuses.
- Flexible PTO and flexible working arrangements, plus an annual company overnight retreat.
- Culture focused on innovation, collaboration, and accountability.
Hiring process
- Interviews to evaluate cybersecurity/compliance experience and ability to drive security strategy and programs.
- Discussion of experience with NIST 800-171, CMMC, DFARS, risk assessments, and incident response.