VP of Business Information Security Office (BISO)

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

What's the role?

The business information security officer (BISO) serves as a trusted security advisor to the Wealth business, reporting directly to the Chief Information Security Officer. The BISO understands security risks and technologies and can effectively communicate them to business units. The BISO works in tandem with the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with security in mind. The BISO is an advanced role supporting the cybersecurity program. This individual provides leadership, executive support, and strategic and tactical guidance for a world-class cybersecurity program supporting enterprise security initiatives. As a business enabler, the BISO is an effective communicator with the technical aptitude to drive security fundamentals into aspects of the business.

The BISO must be capable of working closely with senior management, third parties, project managers and business subject matter experts (SMEs). Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives. The BISO must have a technical background and be able to understand technologies, their purpose, and their security requirements and data protection needs, wherever they reside. BISOs should also understand threats, as well as risk mitigations and technical controls recommended by security leaders.


  • Align and advocate for security initiatives with senior leadership in the business.

  • Serve as the primary ‘go-to’ advisor for their business partner on cybersecurity and IT Risk Management. Participate daily in business initiatives, anticipate security challenges and opportunities, and accelerate collaboration.

  • Build relationships with the business and the centralized security and IT Risk management functions.

  • Identify and respond to business needs while balancing industry best practices.

  • Ensure cybersecurity is a consideration at the genesis of projects, products and services.

  • Enforce the strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees.

  • Work closely with security leadership to instill cybersecurity policies and practices throughout business units.

  • In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible.

  • Stay abreast of new laws, regulations and standards, and assess their impact on the business.

Skills and Experience:

  • At least 15+ years’ cybersecurity experience (or information technology coupled with cybersecurity), with at least 5+ years in an operationally focused security practitioner role.

  • At least 3 years’ experience working with business leadership and enterprise projects.

  • Strong understanding of current regulatory requirements.

  • Financial services experience.

  • Effective communicator with both technical and non-technical partners.

  • Capable of working with diverse teams and promoting an enterprise-wide positive security culture.

  • High level of integrity, trustworthiness and confidence, and able to represent the company and security leadership with the highest level of professionalism.

  • Adept at understanding business focus and processes, with the ability to inject cybersecurity into the business through teamwork and influence.

  • Strong leadership, project management, multitasking and organizational skills.

  • Ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach mutually beneficial outcomes.

  • Able to attain and preserve credibility with the team through sustained industry knowledge.

  • Able to motivate the team to achieve excellence and give credit and recognition where it is due.

  • Applicable knowledge of national and global cybersecurity policies, regulations and security frameworks.

  • Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.

  • Self-starter requiring minimal supervision.

  • Highly organized and efficient.

  • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements:

  • Bachelor's degree in business administration, information assurance or related technical field.

  • Preferable, but not required: CISSP, CISM, CRISC, CISA


Grow your career with a best-in-class company that puts our clients’ interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.