BISO (Business Information Security officer) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Elsevier · 2 hours ago

BISO (Business Information Security officer)

positionPhiladelphia, PA
timeFull-time
remoteOnsite
senioritySenior Level
date5+ years exp

Elsevier is a global information analytics business that helps institutions and professionals progress science, advance healthcare, and improve performance. The Business Information Security Officer (BISO) will drive information security governance and serve as a liaison between various business units and the Cyber Security organization to ensure security best practices are integrated into cloud operations and DevOps workflows.

ContentContent DiscoveryDeliveryHealth CareInformation ServicesInformation TechnologyPublishing
check
Work & Life Balance
check
H1B Sponsor Likelynote
Hiring Manager
ALAN KRULL
linkedin

Responsibilities

Driving information, cyber, and infrastructure security governance across all business and technology units, ensuring alignment with enterprise cybersecurity programs, objectives, and regulatory requirements
Serving as the primary liaison between Business Units, Cloud Engineering, and the Cyber Security organization to embed security awareness and best practices into AWS cloud operations, CI/CD pipelines, and DevOps workflows
Leading cloud security oversight for AWS environments, including configuration management, identity and access controls, encryption, and compliance with organizational policies and industry standards (ISO 27001, NIST, SOC 2)
Managing and coordinating technical risk assessments — including vulnerability scanning, penetration testing, and application risk reviews — to ensure secure deployment across cloud and hybrid infrastructures
Overseeing the security posture of CI/CD pipelines (Jenkins, GitHub Actions, or similar), integrating automated scanning tools and secure code validation into build and deployment processes
Collaborating with DevOps and Infrastructure teams to define and implement secure-by-design practices for containerized workloads, Kubernetes clusters, and AWS-native services (EKS, EC2, S3, Lambda)
Defining and executing a risk-based information and infrastructure security strategy, including setting measurable goals, developing security training programs, and creating roadmaps for improving DevSecOps maturity
Developing and report cybersecurity metric scorecards to track compliance with enterprise standards, vulnerability remediation progress, and adoption of security controls across business and cloud environments
Providing expert guidance on security architecture decisions, evaluating new tools and technologies for impact on cloud environments, automation frameworks, and enterprise security strategy
Leading cross-functional security initiatives to ensure business innovation aligns with secure architecture principles, risk management standards, and ongoing governance frameworks

Qualification

AWS servicesCloud architecture designCompliance automationSecurity integration in CI/CDKubernetesScripting proficiencyVault solutionsTechnical risk translationSecurity program leadershipCybersecurity awareness programs

Required

Possess a strong proficiency with AWS services (EC2, S3, IAM, Lambda, CloudTrail, CloudWatch, KMS, GuardDuty, Security Hub, WAF, etc.)
Have the ability to design secure, scalable cloud architectures with proper identity, access management, and network segmentation
Experience with AWS Config, AWS Control Tower, or Terraform for compliance automation and infrastructure as code (IaC)
Possess an understanding of Kubernetes (EKS), Docker, and container image scanning tools
Hands-on experience integrating security controls into Jenkins, GitHub Actions, or GitLab CI pipelines
Familiarity with code scanning tools (Snyk, SonarQube, Checkmarx, or Veracode) and dependency management
Scripting proficiency (Python, Bash, or PowerShell) to automate security testing and compliance checks
Experience implementing vault solutions (HashiCorp Vault, AWS Secrets Manager)
Ability to translate technical risks into business terms for senior stakeholders and non-technical leaders
Experience partnering with IT, Cloud, and Business Units to embed security in strategic initiatives
Leading security programs, tracking KPIs/metrics, and ensuring timely delivery of remediation plans
Designing and delivering cybersecurity awareness programs tailored to business functions

Company

Elsevier

twittertwittertwitter
Glassdoor4.0
company-logo
Elsevier is a world-leading provider of information solutions that enhance the performance of science, health, and technology. It is a sub-organization of RELX.
dateFounded in 1880
location
Amsterdam, Noord-Holland, NLD
people-size5001-10000 employees
web-link
http://www.elsevier.com

H1B Sponsorship

Elsevier has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (32)
2024 (17)
2023 (28)
2022 (46)
2021 (28)
2020 (19)

Funding

Current Stage
Late Stage
Total Funding
unknown
2003-09-01Private Equity

Leadership Team

leader-logo
Dan Olley
EVP & CTO - Elsevier
linkedin
C
Catherine Thrift
CFO
linkedin

Recent News

PR Newswire
RIFM Sets Global Standard for Fragrance Safety in 2025
2025-12-18
Business Wire
Comparably Announces 2025 Best Compensation, Best CEO’s and Best Company Culture Awards
2025-12-17
Research & Development World
Looking around corners: Elsevier’s genAI SVP LeapSpace offers perspective on the future of scientific publishing
2025-12-05
Company data provided by crunchbase