Senior Director, Business Information Security Officer (BISO)

Proofpoint

Sunnyvale, CA

JOB DETAILS
SALARY
$245,400–$337,370 Per Year
SKILLS
Alliance/Partner Management, Applications Security, Artificial Intelligence (AI), Artificial Intelligence (AI) Agents, Automation, Best Practices, Best Sales Team, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Channel Strategies, Cloud Computing, Code Reviews, Communication Skills, Communications Security (COMSEC), Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, Cross-Functional, Decision Support, Embedded Systems, Emerging Technology, Enterprise Protection, Establish Priorities, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Internet Security, Leadership, Machine Tool, Microsoft Outlook, Network Connectivity, Process Improvement, Product Design, Product Development, Product Engineering, Product Management, Product Planning, Product Programs, Protective Services, Quality Engineering, Regulations, Requirements Management, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Architecture, Security Auditing, Security Design, Software Administration, Software Development Lifecycle (SDLC), Software Engineering, Software as a Service (SaaS), Standards Development, Test Tools, Threat Modeling
LOCATION
Sunnyvale, CA
POSTED
6 days ago
About Us:


Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.


How We Work:


At Proofpoint, you’ll be part of a global team that breaks barriers to redefine cybersecurity, guided by our BRAVE core values:


Bold in how we dream and innovate


Responsive to feedback, challenges and opportunities


Accountable for results and best-in-class outcomes


Visionary in future-focused problem-solving


Exceptional in execution and impact


Location: Sunnyvale, CA

Department: Information Security

Reports To: Chief Information Security Officer (CISO)


Company Overview


Proofpoint is a leading cybersecurity company focused on protecting organizations’ greatest assets—their people. Through advanced threat intelligence, protection, and mitigation services, we safeguard sensitive information from today’s most sophisticated attacks. As the Senior Director, BISO, you will play a key role in ensuring that security enables product innovation, engineering velocity, and customer trust.


Job Summary


The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint’s product and engineering organizations.


This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk management practices are effectively defined, adopted, and operationalized within the software development lifecycle.


The BISO is accountable for ensuring that product and engineering teams understand, adopt, and adhere to security requirements, enabling secure-by-design product development at scale.


Key Responsibilities


Strategic Security Partnership with Product & Engineering


+ Act as the primary security advisor to Product Management and Engineering leadership.

+ Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.

+ Ensure security considerations are incorporated early in product design and planning processes.

+ Translate technical security risks into product, customer, and business impact to support decision-making.


Security Policy, Standards & Governance


+ Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.

+ Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.

+ Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.

+ Drive consistent adoption and enforcement of security policies across all product teams.


_(Derived from SDLC integration and security control expectations)_


Product Security Risk Management & Oversight


+ Establish a product-centric risk management framework, including risk identification, prioritization, and reporting.

+ Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.

+ Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.

+ Deliver clear visibility of product security risk posture to executive leadership.


_(Extends adversary-focused risk identification and vulnerability management responsibilities)_


Secure Development Enablement


+ Partner with Product Security and Engineering teams to promote adoption of secure-by-design and secure-by-default principles.

+ Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).

+ Advocate for scalable security tooling and automation that align with engineering workflows.

+ Monitor and report on adherence to secure development standards.


Security Architecture & Design Influence


+ Provide security guidance on product and platform architecture decisions.

+ Promote the use of secure design patterns, reference architectures, and reusable controls.

+ Partner with engineering teams to evaluate and securely adopt new technologies, including cloud-native and AI/GenAI capabilities.


Security Incident & Vulnerability Governance (Product-Focused)


+ Act as the business-facing security lead during significant product-related vulnerabilities or incidents.

+ Ensure effective coordination and communication between security teams and product/engineering stakeholders.

+ Provide oversight on prioritization and remediation of critical vulnerabilities.


_(Aligned with incident response and vulnerability management expectations)_


Cross-Functional Collaboration


+ Build strong partnerships with Product Management, Engineering, Product Security, GRC, and Security Operations.

+ Ensure security requirements are clearly defined, understood, and actionable within engineering processes.

+ Act as the translation layer between technical security teams and business/product leadership.


Customer Trust & Product Security Representation


+ Partner with Product and GTM teams to represent Proofpoint’s product security posture in customer engagements.

+ Support security reviews, audits, and customer inquiries related to product security.

+ Ensure alignment between product security practices and customer expectations.


Innovation & Emerging Technologies


+ Stay current with emerging threats and vulnerabilities relevant to SaaS and cloud-native products.

+ Ensure new product initiatives (e.g., AI/GenAI) incorporate appropriate security controls and governance.

+ Drive continuous improvement of product security practices through feedback and insights from the business.


Leadership & Influence


+ Lead through influence across product and engineering organizations without direct ownership of delivery teams.

+ Foster a culture where security is embedded into product quality and engineering excellence.

+ Drive accountability for security outcomes through governance, transparency, and partnership.


Qualifications


+ Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

+ 10+ years of experience in cybersecurity, with strong exposure to product/application security and engineering engagement.

+ Proven experience working in or alongside product and engineering organizations in a SaaS or cloud environment.

+ Deep understanding of:

    + Secure SDLC and DevSecOps practices

    + Application security (OWASP Top 10, threat modeling, secure coding)

    + Vulnerability management and security testing tools (SAST, DAST, IAST)

+ Strong ability to translate technical risks into product, customer, and business impact.

+ Experience influencing cross-functional teams without direct authority.

+ Experience with regulatory frameworks such as SOC 2, ISO 27001, and similar standards.

+ Relevant certifications (CISSP, CISM, or CSSLP) preferred.


Key Success Attributes


+ Strong influencer and operator who drives outcomes without owning all resources

+ Deep credibility with product and engineering leaders

+ Pragmatic, risk-based approach that balances security and product velocity

+ Excellent executive communication and stakeholder management skills

+ Comfortable operating in complex, fast-paced, and high-growth environments


Why Proofpoint?


At Proofpoint, we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons you’ll love working with us:


+ Competitive compensation

+ Comprehensive benefits

+ Career success on your terms

+ Flexible work environment

+ Annual wellness and community outreach days

+ Always-on recognition for your contributions

+ Global collaboration and networking opportunities


Our Culture:


Our culture is rooted in values that inspire belonging, empower purpose, and drive success, every day, for everyone.


We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to accessibility@proofpoint.com.


How to Apply


Interested? Submit your application along with any supporting information. We can’t wait to hear from you!


Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option.


Base Pay Ranges:


SF Bay Area, New York City Metro Area:


Base Pay Range: 245,400.00 - 337,370.00 USD


California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska:


Base Pay Range: 197,100.00 - 271,040.00 USD


All other cities and states excluding those listed above:


Base Pay Range: 177,500.00 - 244,090.00 USD


Proofpoint has been honored with six Best Places to Work Awards in 2024 by workplace culture leader Comparably, including Best Company Career Growth, Best Company Outlook, Best Global Culture, Best Engineering Teams, Best Sales Teams, and Best HR Teams.


We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We’re driven by a mission to stay ahead of bad actors and safeguard the digital world. Join us in our pursuit to defend data and protect people.


Our BRAVE Values:


At Proofpoint, we are BRAVE in everything we do, and our values aren’t just words—they shape how we work, collaborate, and grow.


We seek people who are bold enough to challenge the status quo, responsive in the face of ever-evolving threats, and accountable for delivering real impact.


We value those with a visionary mindset who anticipate what’s next and push cybersecurity forward, and we celebrate exceptional execution that ensures we continue to defend data and protect people.


Proofpoint is an equal opportunity employer; we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability.


Find your network, your allies, and your biggest fans. We know that work is simply better when you’re surrounded by people who inspire you—who share ideas, cheer you on, and genuinely want to see you succeed. That’s why we offer social circles, sponsored networks, and connection points across teams and time zones—to help you find your people, build your community, and thrive together.


This isn’t just a job—it’s a mission to protect people and defend data in a world that never slows down. We’re building the future of human-centric cybersecurity, and that future belongs to all of us. We take ownership, move fast, and hold ourselves accountable—because that’s what it takes to stay ahead. And we do it together, winning as one.


Be empowered to reach your full potential through meaningful challenges and personalized support—designed around you and your goals. Whether you're growing as a leader or leveling up from great to exceptional as an individual contributor, we’re here to help you get there.

About the Company

Proofpoint

Proofpoint, Inc. (NASDAQ:PFPT) is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps customers around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 100, rely on Proofpoint to mitigate their most critical security and compliance risks across email, the cloud, social media, and the web. No one protects people, the data they create, and the digital channels they use more effectively than Proofpoint.

If you’re looking for a customer-focused, driven-to-win organization with leading-edge products, you’ll find many exciting reasons to join our team. We believe in hiring smart, motivated, problem-solvers to cultivate a culture of collaboration and appreciation. We are an international company with locations in North America, EMEA and APAC, with each location contributing to our culture.

COMPANY SIZE
2,500 to 4,999 employees
INDUSTRY
Computer/IT Services
EMPLOYEE BENEFITS
Performance Bonus, 401K, Employee Referral Program, Employee Events
FOUNDED
2002
WEBSITE
https://www.proofpoint.com