Sr. Manager - Business Information Security (SDLC)

• Plays a critical role within the BISO organization by translating business security requirements into practical technical controls and engineering solutions
• Supports the Director / AVP - BISO in securing business operations and strengthening overall security posture
• Contributes to building and enhancing security capabilities across business functions
• Ensures continuous risk identification, mitigation, and reduction across the organization
• Acts as a hands-on security engineer with strong technical depth
• Demonstrates effective stakeholder management and cross-functional collaboration skills
• Brings a strong bias toward automation, scalability, and measurable security outcomes

What you'll Do

• Establish, run, and scale the BISO program across engineering, product, data, CX and platforms
• Act as the security partner for product, engineering, CX teams support champions in identifying risks, writing threats, evaluating abuse cases, and recommending countermeasures
• Ensure security guardrails, patterns, and best practices are adopted early in the SDLC
• Enable teams to perform secure code checks, threat modeling, and first-line vulnerability triage
• Participate in design discussion and sprint calls for enabling security
• Work with architecture teams to embed secure-by-design principles into technical design documents
• Partner with other information security functions to ensure alignment with enterprise risk appetite and security frameworks
• Deliver structured learning paths, workshops, and capability uplift programs for Security Champions
• Drive adoption of AppSec, CloudSec, DevSecOps best practices, and self-service security guardrails
• Track key security KPIs (defect density, misconfiguration volume, secure-pattern adoption) and maintain reporting dashboards for leadership
• Build a strong internal community through knowledge-sharing sessions, forums, newsletters, and gamification activities
• Collaborate with Product Security, Cloud Security, GRC, and Engineering leadership to uplift org-wide security maturity

you'll Excel in This Role If You

• 5-8+ years of experience in security engineering, application security, cloud security, or DevSecOps
• Good understanding of security domains, processes, risks and controls Hands-on experience in at least one of: penetration testing, software engineering, security architecture, or secure product development
• Good understanding of software engineering practices with ability to undertake security assessments and understand risk presented by vulnerabilities
• Good understanding of technical security infrastructure, controls, and architectures at scale Good understanding of information security controls and risk mitigation strategies
• Support the business stakeholders with the execution and delivery of cross-functional security projects
• Govern risk remediation progress in close collaboration with business/department stakeholders
• Familiarity with SOC2/ISO 27001/NIST controls
• Strong understanding of threat modelling and risk assessment
• Any one or more of industry certifications such as CISA, CISSP, CISM, CCSP, AWS/GCP security etc