Current LS&Co Employees, apply via your Workday account.
JOB DESCRIPTION
ABOUT THE JOB
We're looking for a Business Information Security Officer (BISO), Europe, to join our team in London, reporting to the Senior Manager, Business Information Security Office and Strategy.
As the BISO for Europe, you'll play a key role as the bridge between our central cybersecurity function and the regional business teams. You'll work closely with regional leadership to understand business goals, embed cybersecurity, including AI-related risks, into operational strategies, and drive alignment between business and security objectives. You'll also lead efforts to identify and assess risks, advise on mitigation approaches, and foster a strong culture of security awareness across the region.
KEY RESPONSIBILITIES
Business Partnership & Advisory:
- Collaborate with regional business leaders and managers to serve as a trusted advisor on cybersecurity matters, including new areas like AI security.
- Develop an understanding of regional team goals and processes to communicate cyber risks in e-commerce, retail and wholesale business teams.
- Advise regional management on cybersecurity risk levels, posture, and the potential impact of threats.
- Support regional leadership by contributing to the cost-benefit analysis of information security programs.
- Partner with the Privacy team and legal counsel on several due diligence and data-related functions.
Risk Management & Governance:
- Support the implementation and management of regional third-party risk management activities, which includes performing third-party risk assessments.
- Experience with PCI compliance. Manage, lead, and conduct PCI assessments for the different countries in scope, partnering with app owners and payment gateway solutions.
- Help build the regional data loss prevention (DLP) program components and understand business impact.
- Advise on the implementation of corporate AI governance and security posture management for AI systems within the region.
- Ensure regional adherence to risk remediation protocols, tracking mitigation efforts and exceptions according to established frameworks and standards (NIST CSF, CIS, etc.).
- Help establish a clear path to communicate risk within supported businesses.
Communication & Culture:
- Constructively engage partners regarding cybersecurity issues and requirements. Maintain relationships with respective points of contact.
- Understand different cultures in the European regions and stay on top of changing and new regulatory requirements.
- Educate regional partners on cybersecurity-related matters, including data and operational risks and best practices, to increase awareness and foster a security-conscious culture.
- Participate in relevant cybersecurity and business-related councils or working groups.
- Facilitate communication between regional departments and central cybersecurity teams (e.g., security architects, engineers).
ABOUT YOU
- Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
- Experience engaging with and influencing multiple management levels regarding business-specific Information Security Risk briefing and reporting.
- Experience operating within the European regulatory landscape (e.g., GDPR).
- 6+ years of experience in cybersecurity, Network/Application security, IT risk management, or a similar role, with demonstrated experience in business partnering or liaison functions.
- Experience with cybersecurity principles, risk management frameworks (e.g., NIST CSF, CIS v8, PCI, etc.), and security technologies.
- Familiarity with AI concepts, AI-specific security risks, and AI governance frameworks (e.g., NIST AI RMF, EU AI Act principles). Experience with AI security posture management.
- Relevant certifications (e.g., CISSP, CISM, CRISC).
LS&Co. is an affirmative action and equal employment opportunity employer. We welcome and value people from diverse cultures, backgrounds, and experiences to make LS&Co. a collective success.
#LI-hybrid
FULL TIME/PART TIME
Full time