Senior Director, Business Information Security Officer (BISO)

About the role

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people. How We Work: At Proofpoint you'll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: Bold in how we dream and innovate Responsive to feedback, challenges and opportunities Accountable for results and best in class outcomes Visionary in future focused problem-solving Exceptional in execution and impact Location: Sunnyvale, CA Department: Information Security Reports To: Chief Information Security Officer (CISO) Company Overview Proofpoint is a leading cybersecurity company focused on protecting organizations' greatest assets-their people. Through advanced threat intelligence, protection, and mitigation services, we safeguard sensitive information from today's most sophisticated attacks. As the Senior Director, BISO, you will play a key role in ensuring that security enables product innovation, engineering velocity, and customer trust. Job Summary The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint's product and engineering organizations . This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk management practices are effectively defined, adopted, and operationalized within the software development lifecycle. The BISO is accountable for ensuring that product and engineering teams understand, adopt, and adhere to security requirements , enabling secure-by-design product development at scale.

Responsibilities

• Strategic Security Partnership with Product & Engineering
• Act as the primary security advisor to Product Management and Engineering leadership.
• Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.
• Ensure security considerations are incorporated early in product design and planning processes.
• Translate technical security risks into product, customer, and business impact to support decision-making.
• Security Policy, Standards & Governance
• Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.
• Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.
• Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.
• Drive consistent adoption and enforcement of security policies across all product teams.
• (Derived from SDLC integration and security control expectations )
• Product Security Risk Management & Oversight
• Establish a product-centric risk management framework, including risk identification, prioritization, and reporting.
• Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.
• Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.
• Deliver clear visibility of product security risk posture to executive leadership.
• (Extends adversary-focused risk identification and vulnerability management responsibilities )
• Secure Development Enablement
• Partner with Product Security and Engineering teams to promote adoption of secure-by-design and secure-by-default principles.
• Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).
• Advocate for scalable security tooling and automation that align with engineering workflows.
• Monitor and report on adherence to secure development standards.
• Security Architecture & Design Influence
• Provide security guidance on product and platform architecture decisions.
• Promote the use of secure design patterns, reference architectures, and reusable controls.
• Partner with engineering teams to evaluate and securely adopt new technologies, including cloud-native and AI/GenAI capabilities.
• Security Incident & Vulnerability Governance (Product-Focused)
• Act as the business-facing security lead during significant product-related vulnerabilities or incidents.
• Ensure effective coordination and communication between security teams and product/engineering stakeholders.
• Provide oversight on prioritization and remediation of critical vulnerabilities.
• (Aligned with incident response and vulnerability management expectations )
• Cross-Funct

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at proofpoint? Share your experience