Elsevier

BISO (Business Information Security officer) (Philadelphia) Job at Elsevier in P

Elsevier, Philadelphia, PA, US

Business Information Security Officer (BISO) for TIO (Technology Infrastructure and Operations)

We are not looking to hire a CISO, as this BISO role will report to our CISO.

Requirements

  • Possess a strong proficiency with AWS services (EC2, S3, IAM, Lambda, CloudTrail, CloudWatch, KMS, GuardDuty, Security Hub, WAF, etc.).
  • Have the ability to design secure, scalable cloud architectures with proper identity, access management, and network segmentation.
  • Experience with AWS Config, AWS Control Tower, or Terraform for compliance automation and infrastructure as code (IaC).
  • Possess an understanding of Kubernetes (EKS), Docker, and container image scanning tools.
  • Hands-on experience integrating security controls into Jenkins, GitHub Actions, or GitLab CI pipelines.
  • Familiarity with code scanning tools (Snyk, SonarQube, Checkmarx, or Veracode) and dependency management.
  • Scripting proficiency (Python, Bash, or PowerShell) to automate security testing and compliance checks.
  • Experience implementing vault solutions (HashiCorp Vault, AWS Secrets Manager).
  • Ability to translate technical risks into business terms for senior stakeholders and non-technical leaders.
  • Experience partnering with IT, Cloud, and Business Units to embed security in strategic initiatives.
  • Leading security programs, tracking KPIs/metrics, and ensuring timely delivery of remediation plans.
  • Designing and delivering cybersecurity awareness programs tailored to business functions.

Responsibilities

  • Driving information, cyber, and infrastructure security governance across all business and technology units, ensuring alignment with enterprise cybersecurity programs, objectives, and regulatory requirements.
  • Serving as the primary liaison between Business Units, Cloud Engineering, and the Cyber Security organization to embed security awareness and best practices into AWS cloud operations, CI/CD pipelines, and DevOps workflows.
  • Leading cloud security oversight for AWS environments, including configuration management, identity and access controls, encryption, and compliance with organizational policies and industry standards (ISO 27001, NIST, SOC 2).
  • Managing and coordinating technical risk assessments including vulnerability scanning, penetration testing, and application risk reviews to ensure secure deployment across cloud and hybrid infrastructures.
  • Overseeing the security posture of CI/CD pipelines (Jenkins, GitHub Actions, or similar), integrating automated scanning tools and secure code validation into build and deployment processes.
  • Collaborating with DevOps and Infrastructure teams to define and implement secure-by-design practices for containerized workloads, Kubernetes clusters, and AWS-native services (EKS, EC2, S3, Lambda).
  • Defining and executing a risk-based information and infrastructure security strategy, including setting measurable goals, developing security training programs, and creating roadmaps for improving DevSecOps maturity.
  • Developing and reporting cybersecurity metric scorecards to track compliance with enterprise standards, vulnerability remediation progress, and adoption of security controls across business and cloud environments.
  • Providing expert guidance on security architecture decisions, evaluating new tools and technologies for impact on cloud environments, automation frameworks, and enterprise security strategy.
  • Leading cross-functional security initiatives to ensure business innovation aligns with secure architecture principles, risk management standards, and ongoing governance frameworks.