Senior Director, Business Information Security Officer (BISO)
Sunnyvale, CA
About the role
About Us: Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.
How We Work: At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: Bold in how we dream and innovate Responsive to feedback, challenges and opportunities Accountable for results and best in class outcomes Visionary in future focused problem-solving Exceptional in execution and impact Location: Sunnyvale, CA Department: Information Security Reports To: Chief Information Security Officer (CISO) Company Overview Proofpoint is a leading cybersecurity company focused on protecting organizations’ greatest assets—their people. Through advanced threat intelligence, protection, and mitigation services, we safeguard sensitive information from today’s most sophisticated attacks. As the Senior Director, BISO, you will play a key role in ensuring that security enables product innovation, engineering velocity, and customer trust. Job Summary The Senior Director, Business Information Security Officer (BISO) for Product & Engineering is a senior leadership role responsible for driving security alignment, governance, and risk management across Proofpoint’s product and engineering organizations. This role serves as a trusted advisor and strategic partner to Product and Engineering leadership, ensuring that security policies, standards, and risk management practices are effectively defined, adopted, and operationalized within the software development lifecycle. The BISO is accountable for ensuring that product and engineering teams understand, adopt, and adhere to security
requirements, enabling secure-by-design product development at scale. Key
Responsibilities Strategic Security Partnership with Product & Engineering Act as the primary security advisor to Product Management and Engineering leadership. Align enterprise security strategy with product roadmaps, architecture decisions, and engineering priorities. Ensure security considerations are incorporated early in product design and planning processes. Translate technical security risks into product, customer, and business impact to support decision-making. Security Policy, Standards & Governance Define and maintain product and application security policies, standards, and guardrails aligned with industry best practices. Establish clear security
requirements for the SDLC, including secure coding, testing, and release expectations. Partner with Product & Engineering to operationalize these standards within developer workflows and tooling. Drive consistent adoption and enforcement of security policies across all product teams. (Derived from SDLC integration and security control expectations ) Product Security Risk Management & Oversight Establish a product-centric risk management framework, including risk identification, prioritization, and reporting. Ensure product and engineering teams appropriately assess, prioritize, and remediate vulnerabilities and design risks. Provide governance over risk acceptance decisions, ensuring alignment with business risk tolerance. Deliver clear visibility of product security risk posture to executive leadership. (Extends adversary-focused risk identification and vulnerability management
responsibilities ) Secure Development Enablement Partner with Product Security and Engineering teams to promote adoption of secure-by-design and secure-by-default principles. Ensure integration of security practices into SDLC and CI/CD pipelines (e.g., threat modeling, SAST/DAST, code reviews). Advocate for scalable security tooling and automation that align with engineering workflows. Monitor and report on adherence to secure development standards. Security Architecture & Design Influence Provide security guidance on product and platform architecture decisions. Promote the use of secure design patterns, reference architectures, and reusable controls. Partner with engineering teams to evaluate and securely adopt new technologies, including cloud-native and AI/GenAI capabilities. Security Incident & Vulnerability Governance (Product-Focused) Act as the business-facing security lead during significant product-related vulnerabilities or incidents. Ensure effective coordination and communication between security teams and product/engineering stakeholders. Provide oversight on prioritization and remediation of critical vulnerabilities. (Aligned with incident response and vulnerability management expectations ) Cross-Functional Collaboration Build strong partnerships with Product Management, Engineering, Product Security, GRC, and Security Operations. Ensure security
requirements are clearly defined, understood, and actionable within engineering processes. Act as the translation layer between technical security teams and business/product leadership. Customer Trust & Product Security Representation Partner with Product and GTM teams to represent Proofpoint’s product security posture in customer engagements. Support security reviews, audits, and customer inquiries related to product security. Ensure alignment between product security practices and customer expectations. Innovation & Emerging Technologies Stay current with emerging threats and vulnerabilities relevant to SaaS and cloud-native products. Ensure new product initiatives (e.g., AI/GenAI) incorporate appropriate security controls and governance. Drive continuous improvement of product security practices through feedback and insights from the business. Leadership & Influence Lead through influence across product and engineering organizations without direct ownership of delivery teams. Foster a culture where security is embedded into product quality and engineering excellence. Drive accountability for security outcomes through governance, transparency, and partnership.
Qualifications Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 10+ years of experience in cybersecurity, with strong exposure to product/application security and engineering engagement. Proven experience working in or alongside product and engineering organizations in a SaaS or cloud environment. Deep understanding of: Secure SDLC and DevSecOps practices Application security (OWASP Top 10, threat modeling, secure coding) Vulnerability management and security testing tools (SAST, DAST, IAST) Strong ability to translate technical risks into product, customer, and business impact. Experience influencing cross-functional teams without direct authority. Experience with regulatory frameworks such as SOC 2, ISO 27001, and similar standards. Relevant certifications (CISSP, CISM, or CSSLP) preferred. Key Success Attributes Strong influencer and operator—drives outcomes without owning all resources Deep credibility with product and engineering leaders Pragmatic, risk-based approach that balances security and product velocity Excellent executive communication and stakeholder management skills Comfortable operating in complex, fast-paced, and high-growth environments Why Proofpoint? At Proofpoint, we believe that an exceptional career experience includes a comprehensive
compensation and
benefits package. Here are just a few reasons you’ll love working with us: Competitive
compensation Comprehensive
benefits Career success on your terms Flexible work environment Annual wellness and community outreach days Always on recognition for your contributions Global collaboration and networking opportunities Our Culture: Our culture is rooted in values that inspire belonging, empower purpose and drive success-every day, for everyone. We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to [email protected]. How to Apply Interested? Submit your application along with any supporting information- we can’t wait to hear from you! Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our
compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable
compensation and/or equity. We offer a competitive
benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option. Base Pay Ranges: SF Bay Area, New York City Metro Area: Base Pay Range: 245,400.00 - 337,370.00 USD California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska: Base Pay Range: 197,100.00 - 271,040.00 USD All other cities and states excluding those listed above: Base Pay Range: 177,500.00 - 244,090.00 USD Proofpoint has been honored with six Best Places to Work Awards in 2024 by workplace culture leader Comparably, including Best Company Career Growth, Best Company Outlook, Best Global Culture, Best Engineering Teams, Best Sales Teams, and Best HR Teams. We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We’re driven by a mission to stay ahead of bad actors and safeguard the digital world. Join us in our pursuit to defend data and protect people. Our BRAVE Values: At Proofpoint, we are BRAVE in everything we do, and our values aren’t just words—they shape
how we work, collaborate, and grow. We seek people who are bold enough to challenge the status quo, responsive in the face of ever-evolving threats, and accountable for delivering real impact. We value those with a visionary mindset who anticipate what’s next and push cybersecurity forward, and we celebrate exceptional execution that ensures we continue to defend data and protect people. Proofpoint is an equal opportunity employer, we hire without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability. Find your network, your allies, and your biggest fans. We know that work is simply better when you’re surrounded by people who inspire you—who share ideas, cheer you on, and genuinely want to see you succeed. That’s why we offer social circles, sponsored networks, and connection points across teams and time zones—to help you find your people, build your community, and thrive together. This isn’t just a job—it’s a mission to protect people and defend data in a world that never slows down. We’re building the future of human-centric cybersecurity, and that future belongs to all of us. We take ownership, move fast, and hold ourselves accountable—because that’s what it takes to stay ahead. And we do it together, winning as one. Be empowered to reach your full potential through meaningful challenges and personalized support—designed around you and your goals. Whether you're growing as a leader or leveling up from great to exceptional as an individual contributor, we’re here to help you get there.
