Business Information Security Officer
Dolby Laboratories · San Francisco, CA · 1 wk ago
HybridInformation Technology$171k–$234k/yrFull-time
Key Responsibilities
- Serve as the trusted cybersecurity advisor to Business Unit / Region leadership, participating in BU leadership forums, planning cycles, and governance routines.
- Translate Dolby’s global cybersecurity strategy, policies, and standards into actionable, BU-specific roadmaps and controls.
- Ensure security is integrated into business strategy and major initiatives from inception through execution.
- Act as the “voice of the business” to the CISO, ensuring security investments, priorities, and controls reflect BU realities and objectives.
- Lead or coordinate cybersecurity risk assessments for the BU, including applications, products, processes, and critical assets, using approved risk methodologies.
- Facilitate identification, evaluation, treatment, and tracking of cyber risks; work with risk owners to define and implement remediation plans and risk acceptances.
- Support compliance with relevant regulatory, legal, and contractual requirements (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, etc.), coordinating with Legal, Compliance, Privacy, and Internal Audit as needed.
- Prepare for and support internal and external audits, certifications, and regulatory examinations impacting the BU.
- Embed security-by-design principles into BU projects, products, and services; ensure appropriate security requirements, architecture reviews, and testing are performed.
- Partner with Enterprise/Security Architecture and Engineering teams to ensure BU solutions align with reference architectures, standards, and patterns.
- Review and advise on security aspects of solution designs, change requests, and exceptions, balancing business agility with risk reduction.
- Act as the primary BU point of contact for security incidents, data breaches, and significant vulnerabilities; coordinate with the SOC, IR team, and business stakeholders.
- Support post-incident reviews, lessons learned, and tracking of corrective actions within the BU.
- Support or lead security risk assessments of key third-party vendors, partners, and service providers used by the BU, in coordination with central Third-Party Risk Management.
- Review and advise on contractual security requirements and SLAs for BU vendors and partners.
- Monitor and help remediate third-party security gaps that could affect BU operations, data, or customers.
- Champion a culture of shared responsibility for cybersecurity within the BU; make security understandable, relevant, and actionable for non-technical stakeholders.
- Partner with central security awareness teams to tailor and deliver BU-specific training, phishing simulations, workshops, and communications.
- Provide targeted guidance to high-risk roles (e.g., developers, privileged admins, sales with access to sensitive data, executives) on secure behaviors and practices.
Risk Management & Compliance
- Develop and maintain BU-level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks.
- Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress.
- Use data to support risk-based decision-making and to demonstrate the value and impact of security investments within the BU.
Metrics, Reporting, and Performance Management
- Develop and maintain BU-level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks.
- Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress.
- Use data to support risk-based decision-making and to demonstrate the value and impact of security investments within the BU.
Stakeholder Management and Leadership
- Build strong relationships with BU leaders, product owners, IT, engineering, finance, people, marketing, legal, and other stakeholders to drive alignment and shared outcomes.
- Mediate between cybersecurity teams and business teams to resolve conflicts, clarify requirements, and negotiate risk-appropriate solutions.
- Mentor and influence cross-functional teams within the BUs to improve their understanding of cyber risk and their role in managing it.
Experience
- 8+ years of progressive experience in information/cybersecurity, IT risk, technology, or related roles, with significant exposure to business stakeholders.
- Demonstrated experience in at least two of the following domains: security architecture/engineering, security operations, GRC, application security, cloud security, or data protection.
- Proven track record functioning as a security or technology partner to business units, product lines, or regions (e.g., BISO, Security Business Partner, Security Architect, Risk Partner).
- Experience working within established frameworks such as ISO 27001/2, NIST CSF, NIST 800-53/171, or similar.
- Experience in a regulated industry is highly desirable.
Skills and Competencies
- Technical & Risk Skills: Broad understanding of information security domains: network and cloud security, identity and access management, application security, data protection, vulnerability management, incident response, and security monitoring.
- Strong knowledge of risk management principles, control design, and assessment methodologies.
- Familiarity with regulatory requirements and standards relevant to the organization’s industry and geographies (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, sectoral regulations, etc.).
- Business & Interpersonal Skills: Strong business acumen with the ability to understand BU strategy, value chains, and operating models, and to align security accordingly.
- Exceptional communication skills, capable of translating technical risks into business language and vice versa, and tailoring messages to executives, technical teams, and frontline staff.
- Prominent ability to influence, negotiate, and drive consensus without direct authority; comfortable operating in a matrixed environment.
- High degree of integrity, judgment, and professionalism; able to handle sensitive issues and confidential information appropriately.