Jobs · Information Technology · California

Business Information Security Officer

Dolby Laboratories · San Francisco, CA · 1 wk ago
HybridInformation Technology$171k–$234k/yrFull-time

Key Responsibilities

  • Serve as the trusted cybersecurity advisor to Business Unit / Region leadership, participating in BU leadership forums, planning cycles, and governance routines.
  • Translate Dolby’s global cybersecurity strategy, policies, and standards into actionable, BU-specific roadmaps and controls.
  • Ensure security is integrated into business strategy and major initiatives from inception through execution.
  • Act as the “voice of the business” to the CISO, ensuring security investments, priorities, and controls reflect BU realities and objectives.
  • Lead or coordinate cybersecurity risk assessments for the BU, including applications, products, processes, and critical assets, using approved risk methodologies.
  • Facilitate identification, evaluation, treatment, and tracking of cyber risks; work with risk owners to define and implement remediation plans and risk acceptances.
  • Support compliance with relevant regulatory, legal, and contractual requirements (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, etc.), coordinating with Legal, Compliance, Privacy, and Internal Audit as needed.
  • Prepare for and support internal and external audits, certifications, and regulatory examinations impacting the BU.
  • Embed security-by-design principles into BU projects, products, and services; ensure appropriate security requirements, architecture reviews, and testing are performed.
  • Partner with Enterprise/Security Architecture and Engineering teams to ensure BU solutions align with reference architectures, standards, and patterns.
  • Review and advise on security aspects of solution designs, change requests, and exceptions, balancing business agility with risk reduction.
  • Act as the primary BU point of contact for security incidents, data breaches, and significant vulnerabilities; coordinate with the SOC, IR team, and business stakeholders.
  • Support post-incident reviews, lessons learned, and tracking of corrective actions within the BU.
  • Support or lead security risk assessments of key third-party vendors, partners, and service providers used by the BU, in coordination with central Third-Party Risk Management.
  • Review and advise on contractual security requirements and SLAs for BU vendors and partners.
  • Monitor and help remediate third-party security gaps that could affect BU operations, data, or customers.
  • Champion a culture of shared responsibility for cybersecurity within the BU; make security understandable, relevant, and actionable for non-technical stakeholders.
  • Partner with central security awareness teams to tailor and deliver BU-specific training, phishing simulations, workshops, and communications.
  • Provide targeted guidance to high-risk roles (e.g., developers, privileged admins, sales with access to sensitive data, executives) on secure behaviors and practices.

Risk Management & Compliance

  • Develop and maintain BU-level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks.
  • Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress.
  • Use data to support risk-based decision-making and to demonstrate the value and impact of security investments within the BU.

Metrics, Reporting, and Performance Management

  • Develop and maintain BU-level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks.
  • Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress.
  • Use data to support risk-based decision-making and to demonstrate the value and impact of security investments within the BU.

Stakeholder Management and Leadership

  • Build strong relationships with BU leaders, product owners, IT, engineering, finance, people, marketing, legal, and other stakeholders to drive alignment and shared outcomes.
  • Mediate between cybersecurity teams and business teams to resolve conflicts, clarify requirements, and negotiate risk-appropriate solutions.
  • Mentor and influence cross-functional teams within the BUs to improve their understanding of cyber risk and their role in managing it.

Experience

  • 8+ years of progressive experience in information/cybersecurity, IT risk, technology, or related roles, with significant exposure to business stakeholders.
  • Demonstrated experience in at least two of the following domains: security architecture/engineering, security operations, GRC, application security, cloud security, or data protection.
  • Proven track record functioning as a security or technology partner to business units, product lines, or regions (e.g., BISO, Security Business Partner, Security Architect, Risk Partner).
  • Experience working within established frameworks such as ISO 27001/2, NIST CSF, NIST 800-53/171, or similar.
  • Experience in a regulated industry is highly desirable.

Skills and Competencies

  • Technical & Risk Skills: Broad understanding of information security domains: network and cloud security, identity and access management, application security, data protection, vulnerability management, incident response, and security monitoring.
  • Strong knowledge of risk management principles, control design, and assessment methodologies.
  • Familiarity with regulatory requirements and standards relevant to the organization’s industry and geographies (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, sectoral regulations, etc.).
  • Business & Interpersonal Skills: Strong business acumen with the ability to understand BU strategy, value chains, and operating models, and to align security accordingly.
  • Exceptional communication skills, capable of translating technical risks into business language and vice versa, and tailoring messages to executives, technical teams, and frontline staff.
  • Prominent ability to influence, negotiate, and drive consensus without direct authority; comfortable operating in a matrixed environment.
  • High degree of integrity, judgment, and professionalism; able to handle sensitive issues and confidential information appropriately.

Similar jobs

Information Security Specialist

Resource Management Concepts, Inc.Port Hueneme, CA· 2 wk ago
Information Technology$104k–$146k/yrapply on apply.workable.com

Information Security Specialist

Tactica Solutions, LLCMiami, FL· 2 mo ago
Information Technology$100k–$120k/yrapply on careers-tactica-solutions.icims.com