Enable job alerts via email!

Business Information Security Officer, Europe

Levi Strauss & Co.

London

Hybrid

GBP 60,000 - 90,000

Full time

29 days ago

Job summary

A leading company in the fashion industry seeks a Business Information Security Officer (BISO) for their London office. The BISO will bridge central cybersecurity functions with regional business goals, aligning security objectives with operational strategies, and fostering a culture of security awareness. Candidates should have significant experience in cybersecurity and a background in regulatory compliance, particularly in Europe.

Qualifications

  • 6+ years of experience in cybersecurity or IT risk management.
  • Experience within the European regulatory landscape (e.g., GDPR).
  • Relevant certifications (e.g., CISSP, CISM, CRISC).

Responsibilities

  • Collaborate with regional business leaders on cybersecurity matters.
  • Support third-party risk management activities.
  • Educate regional partners on data and operational risks.

Skills

Cybersecurity
Risk Management
Business Partnering
Compliance
AI Governance
Communication

Education

Bachelor's degree in Information Security, Computer Science, Engineering or related field

Tools

NIST CSF
CIS
PCI

Job description

JOB DESCRIPTION

ABOUT THE JOB

We're looking for a Business Information Security Officer (BISO), Europe, to join our team in London, reporting to the Senior Manager, Business Information Security Office and Strategy.

As the BISO for Europe, you'll play a key role as the bridge between our central cybersecurity function and the regional business teams. You'll work closely with regional leadership to understand business goals, embed cybersecurity, including AI-related risks into operational strategies, and drive alignment between business and security objectives. You'll also lead efforts to identify and assess risks, advise on mitigation approaches, and foster a strong culture of security awareness across the region.

KEY RESPONSIBILITIES

Business Partnership & Advisory:
  • Collaborate with regional business leaders and managers to serve as a trusted advisor on cybersecurity matters, including new areas like AI security.
  • Develop an understanding of regional team goals and processes to communicate cyber risks in e-commerce, retail and wholesale business teams.
  • Advise regional management on cybersecurity risk levels, posture, and the potential impact of threats.
  • Support regional leadership by contributing to the cost-benefit analysis of information security programs.
  • Partner with Privacy team and legal counsel on several due diligence and data related functions.

Risk Management & Governance:
  • Support the implementation and management of regional third-party risk management activities, which includes performing third-party risk assessments.
  • Experience with PCI compliance. Manage, lead, and conduct PCI assessment for the different countries in scope partnering with app owners and payment gateway solutions.
  • Help build the regional data loss prevention (DLP) program components and understand business impact.
  • Advise on the implementation of corporate AI governance and security posture management for AI systems within the region.
  • Ensure regional adherence to risk remediation protocols, tracking mitigation efforts and exceptions according to established frameworks and standards (NIST CSF, CIS, etc.).
  • Help establish a clear path to communicate risk within supported businesses.

Communication & Culture:
  • Constructively engage partners regarding cybersecurity issues and requirements. Maintain relationships with respective point of contacts.
  • Understand different cultures in the European regions and stay on top of changing and new regulatory requirements.
  • Educate regional partners on cybersecurity-related matters, including data and operational risks and best practices, to increase awareness and foster a security-conscious culture.
  • Participate in relevant cybersecurity and business-related councils or working groups.
  • Facilitate communication between regional departments and central cybersecurity teams (e.g., security architects, engineers).

ABOUT YOU
  • Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
  • Experience engaging with and influencing multiple management levels regarding business specific Information Security Risk briefing and reporting.
  • Experience operating within the European regulatory landscape (e.g., GDPR).
  • 6+ years of experience in cybersecurity, Network/Application security, IT risk management, or a similar role, with demonstrated experience in business partnering or liaison functions.
  • Experience with cybersecurity principles, risk management frameworks (e.g., NIST CSF, CIS v8, PCI , etc.), and security technologies.
  • Familiarity with AI concepts, AI-specific security risks, and AI governance frameworks (e.g., NIST AI RMF, EU AI Act principles). Experience with AI security posture management.
  • Relevant certifications (e.g., CISSP, CISM, CRISC).

LS&Co. is an affirmative action and equal employment opportunity employer. We welcome and value people from diverse cultures, backgrounds, and experiences to make LS&Co. a collective success.

#LI-hybrid

LOCATION
London, United Kingdom
FULL TIME/PART TIME
Full timeCurrent LS&Co Employees, apply via your Workday account.
Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.