Senior Director, Business Information Security Officer (BISO)

About Us:

 

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: 

Bold in how we dream and innovate

Responsive to feedback, challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Location: Sunnyvale, CA
Department: Information Security
Reports To: Chief Information Security Officer (CISO)

Company Overview

Proofpoint is a leading cybersecurity company focused on protecting organizations’ greatest assets—their people. Through advanced threat intelligence, protection, and mitigation services, we safeguard sensitive information from today’s most sophisticated attacks. As the Senior Director, BISO, you will play a key role in ensuring that security enables product innovation, engineering velocity, and customer trust.

Job Summary

The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint’s product and engineering organizations.

This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk management practices are effectively defined, adopted, and operationalized within the software development lifecycle.

The BISO is accountable for ensuring that product and engineering teams understand, adopt, and adhere to security requirements, enabling secure-by-design product development at scale.

Key Responsibilities

Strategic Security Partnership with Product & Engineering

• Act as the primary security advisor to Product Management and Engineering leadership.

• Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities.

• Ensure security considerations are incorporated early in product design and planning processes.

• Translate technical security risks into product, customer, and business impact to support decision-making.

Security Policy, Standards & Governance

• Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices.

• Establish clear security requirements for the SDLC, including secure coding, testing, and release expectations.

• Partner with Product & Engineering to operationalize these standards within developer workflows and tooling.

• Drive consistent adoption and enforcement of security policies across all product teams.

(Derived from SDLC integration and security control expectations )

Product Security Risk Management & Oversight

• Establish a product-centric risk management framework, including risk identification, prioritization, and reporting.

• Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks.

• Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance.

• Deliver clear visibility of product security risk posture to executive leadership.

(Extends adversary-focused risk identification and vulnerability management responsibilities )

Secure Development Enablement

• Partner with Product Security and Engineering teams to promote adoption of secure-by-design and secure-by-default principles.

• Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews).

• Advocate for scalable security tooling and automation that align with engineering workflows.

• Monitor and report on adherence to secure development standards.

Security Architecture & Design Influence

• Provide security guidance on product and platform architecture decisions.

• Promote the use of secure design patterns, reference architectures, and reusable controls.

• Partner with engineering teams to evaluate and securely adopt new technologies, including cloud-native and AI/GenAI capabilities.

Security Incident & Vulnerability Governance (Product-Focused)

• Act as the business-facing security lead during significant product-related vulnerabilities or incidents.

• Ensure effective coordination and communication between security teams and product/engineering stakeholders.

• Provide oversight on prioritization and remediation of critical vulnerabilities.

(Aligned with incident response and vulnerability management expectations )

Cross-Functional Collaboration

• Build strong partnerships with Product Management, Engineering, Product Security, GRC, and Security Operations.

• Ensure security requirements are clearly defined, understood, and actionable within engineering processes.

• Act as the translation layer between technical security teams and business/product leadership.

Customer Trust & Product Security Representation

• Partner with Product and GTM teams to represent Proofpoint’s product security posture in customer engagements.

• Support security reviews, audits, and customer inquiries related to product security.

• Ensure alignment between product security practices and customer expectations.

Innovation & Emerging Technologies

• Stay current with emerging threats and vulnerabilities relevant to SaaS and cloud-native products.

• Ensure new product initiatives (e.g., AI/GenAI) incorporate appropriate security controls and governance.

• Drive continuous improvement of product security practices through feedback and insights from the business.

Leadership & Influence

• Lead through influence across product and engineering organizations without direct ownership of delivery teams.

• Foster a culture where security is embedded into product quality and engineering excellence.

• Drive accountability for security outcomes through governance, transparency, and partnership.

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

• 10+ years of experience in cybersecurity, with strong exposure to product/application security and engineering engagement.

• Proven experience working in or alongside product and engineering organizations in a SaaS or cloud environment.

• Deep understanding of:

  • Secure SDLC and DevSecOps practices

  • Application security (OWASP Top 10, threat modeling, secure coding)

  • Vulnerability management and security testing tools (SAST, DAST, IAST)

• Strong ability to translate technical risks into product, customer, and business impact.

• Experience influencing cross-functional teams without direct authority.

• Experience with regulatory frameworks such as SOC 2, ISO 27001, and similar standards.

• Relevant certifications (CISSP, CISM, or CSSLP) preferred.

Key Success Attributes

• Strong influencer and operator—drives outcomes without owning all resources

• Deep credibility with product and engineering leaders

• Pragmatic, risk-based approach that balances security and product velocity

• Excellent executive communication and stakeholder management skills

• Comfortable operating in complex, fast-paced, and high-growth environments

Why Proofpoint?

At Proofpoint, we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons you’ll love working with us:

• Competitive compensation

• Comprehensive benefits

• Career success on your terms

• Flexible work environment

• Annual wellness and community outreach days

• Always on recognition for your contributions

• Global collaboration and networking opportunities

 

Our Culture:

Our culture is rooted in values that inspire belonging, empower purpose and drive success-every day, for everyone.

We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to [email protected].

 

How to Apply

Interested? Submit your application along with any supporting information- we can’t wait to hear from you!

Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option.

Base Pay Ranges:

SF Bay Area, New York City Metro Area:

Base Pay Range: 245,400.00 - 337,370.00 USD

California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska:

Base Pay Range: 197,100.00 - 271,040.00 USD

All other cities and states excluding those listed above:

Base Pay Range: 177,500.00 - 244,090.00 USD