1

Biso Jobs (NOW HIRING)

next page

Showing results 1-20

Biso information

See salary details

$36.5K

$89K

$156.5K

How much do biso jobs pay per year?

As of Jul 15, 2026, the average yearly pay for biso in the United States is $88,983.00, according to ZipRecruiter salary data. Most workers in this role earn between $55,500.00 and $130,500.00 per year, depending on experience, location, and employer.

What is a biso vs CISO?

A BISO (Business Information Security Officer) is responsible for aligning cybersecurity strategies with business goals and managing security risks at the operational level. A CISO (Chief Information Security Officer) holds a senior executive role overseeing the entire organization's security program, policies, and compliance. Both roles require strong security knowledge, but the CISO typically has broader strategic and leadership responsibilities.

What is the difference between Biso vs Data Analyst?

AspectBisoData Analyst
Required CredentialsTypically a diploma or certification in business or financeBachelor's degree in statistics, data science, or related field
Work EnvironmentOffice settings, financial institutions, or corporate environmentsOffice or remote, working with data sets and reporting tools
Industry UsageFinance, banking, and business sectorsTechnology, marketing, healthcare, and finance
Common Search/ComparisonOften compared for roles involving business operations and data handlingMore focused on data analysis and interpretation

The main difference between a Biso and a Data Analyst lies in their focus and skill set. Biso roles typically emphasize business operations and financial processes, requiring certifications in business or finance. Data Analysts focus on analyzing data, requiring skills in statistics and data tools. While both work with data, Biso professionals are more involved in business decision support, whereas Data Analysts interpret data to inform strategies.

What is a biso role?

A Biso role typically refers to a position within a company or organization, often related to specific operational or technical responsibilities. The exact duties depend on the industry and context, but it may involve tasks such as project coordination, technical support, or administrative functions. Relevant skills often include communication, organization, and familiarity with industry-specific tools or processes.

How much does a CISO get paid?

A Chief Information Security Officer (CISO) typically earns between $150,000 and $250,000 annually, with salaries varying based on company size, industry, and experience. CISOs often hold advanced certifications like CISSP and have extensive cybersecurity management experience, which can influence compensation.

What are the key skills and qualifications needed to thrive as a Business Information Security Officer (BISO), and why are they important?

To thrive as a Business Information Security Officer (BISO), you need a solid background in information security, risk management, and a relevant degree such as computer science or cybersecurity, often complemented by certifications like CISSP or CISM. Familiarity with security frameworks (such as NIST or ISO 27001), incident response tools, and governance, risk, and compliance (GRC) systems is typically required. Strong communication, relationship-building, and strategic thinking skills help BISOs bridge gaps between IT security and business objectives. These skills are critical for aligning security initiatives with business needs, protecting organizational assets, and ensuring regulatory compliance.

What is the salary of a biso?

The salary of a Biso varies depending on the industry, location, and experience level. Typically, Biso roles may offer hourly wages or annual salaries within the entry to mid-level range, often supplemented by benefits and opportunities for skill development. Exact figures can be found through specific job postings or industry salary surveys.

What are the main responsibilities and challenges faced by a Business Information Security Officer (BISO) in supporting both business objectives and cybersecurity initiatives?

A Business Information Security Officer (BISO) acts as a bridge between the cybersecurity team and business units, ensuring that security strategies align with business goals. Their key responsibilities include assessing security risks, advising on compliance, and facilitating the integration of security measures into business processes. One common challenge is balancing the need for robust security controls with the business's desire for agility and innovation. BISOs often collaborate closely with IT, compliance, and executive leadership, requiring excellent communication and negotiation skills. This role provides opportunities for career growth into senior security leadership or broader risk management positions.

What are BISO roles and what do they do?

BISO stands for Business Information Security Officer. A BISO acts as a bridge between an organization’s business units and its information security team. They are responsible for ensuring that security strategies align with business objectives, managing business-specific security risks, and promoting a culture of security awareness within their assigned unit. BISOs often work closely with executives, IT teams, and compliance officers to implement security policies, respond to incidents, and ensure regulatory compliance.
What cities are hiring for Biso jobs? Cities with the most Biso job openings:
What are the most commonly searched types of Biso jobs? The most popular types of Biso jobs are:
What states have the most Biso jobs? States with the most job openings for Biso jobs include:
Infographic showing various Biso job openings in the United States as of July 2026, with employment types broken down into 100% Full Time. Highlights an 80% In-person, and 20% Hybrid job distribution, with an average salary of $88,983 per year, or $42.8 per hour.

Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Jj

Palm Beach Gardens, FL

$105K - $141K/yr

Full-time

Retirement, PTO

Posted yesterday

New


Job description

At Johnson & Johnson,we believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented, treated, and cured,where treatments are smarter and less invasive, andsolutions are personal.Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

Palm Beach Gardens, Florida, United States of America, Raritan, New Jersey, United States of America, Raynham, Massachusetts, United States of America, Warsaw, Indiana, United States of America, West Chester, Pennsylvania, United States of America

Job Description:

DePuy Synthes is recruiting for a(n) Sr. Director, GRC, IT Controls andCyberCulture.

Johnson & Johnson announced plans to separate our Orthopedics business toestablisha standalone orthopedics company, operatingasDePuy Synthes. The process of the planned separation isanticipatedto be completed within 18 to24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may berequired, regulatory approvals and other customary conditions and approvals. Should you accept this position, it isanticipatedthat, following conclusion of the transaction, you would be an employee of DePuySynthesand your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes atan appropriate timeand subject to any necessary consultation processes.

Job Overview

This role serves as a senior cybersecurity leader reporting to the CISO, with enterprise accountability for building, maturing, and operationalizing the Governance, Risk & Compliance (GRC) function across DePuy Synthes. The Sr. Director will oversee the BISO manager organization,establishscalable risk governance practices, strengthen security awareness andbehavior basedculture programs, and drive implementation of IT controls and an enterprise assurance framework. The role will also oversee external cybersecurity assessments and disclosures, including cyber insurance, ESG-related cybersecurity inputs, and other third-party assurance activities. This highly visible leadership role will help ensure cybersecurity risk, compliance, control effectiveness, and cultural adoption are consistently managed across the enterprise in support of business priorities, regulatory expectations, and organizational resilience.

Key Responsibilities

  • Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.

  • Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to businessobjectives.

  • Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.

  • Own the enterprise cybersecurity policy and standards lifecycle - from creation and implementation to continuous review - ensuring clarity, compliance, and alignment with organizational goals.

  • Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness,evidencereadiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.

  • Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.

  • Lead oversight of external cybersecurity assessments and assurance requests, including cyber insurance questionnaires, ESG-related cybersecurity inputs, customer or partner assessments, and other third-party reviews requiring enterprise cyber risk and control representation.

  • Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization candemonstratecontrol effectiveness and audit readiness.

  • Lead security awareness, behavior, and culture initiatives that improve workforce accountability, reducehumancentricrisk, and embed secure practices intodaytodaybusiness operations.

  • Lead and develophighperformingcybersecurity leaders and teams, fostering a culture of accountability, collaboration, disciplined execution, and continuous improvement.

  • Provideexecutivelevelreporting on cybersecurity risk, compliance status, control effectiveness, assurance outcomes, and program maturity to senior leadership and governance bodies.

Qualifications

Education

  • Required:Bachelor's degree in Information Security, Computer Science, Engineering, ora relatedfield.

  • Preferred: Master's degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.

Experience and Skills

Required:

  • 12-14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.

  • Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.

  • Experience leading BISO, cyber risk advisory, security governance, or business aligned cybersecurity teams.

  • Deep knowledge of cybersecurity risk management, compliance frameworks, IT controls, SOX control expectations, assurance practices, and audit readiness.

  • Experience overseeing external cybersecurity assessments, including cyber insurance, ESG-related cybersecurity reporting, customer or partner assessments, and third-party assurance requests.

  • Experience building, mentoring, and leading senior level cybersecurity teams.

  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk, control gaps, and compliance obligations into business impact.

Preferred:

  • Experience implementing or transforming enterprise IT controls, SOX programs, control testing, remediation governance, and assurance frameworks.

  • Experience driving cybersecurity awareness, behavior change, and culture programs across a large enterprise.

  • Experienceoperatingin complex, global organizations undergoing transformation or separation.

  • Demonstrated success improvingcybersecuritymaturity, control effectiveness, and risk accountability at scale.

  • Proven ability to influence executive stakeholders andpartnereffectively across IT, Finance, Internal Audit, External Audit, Legal, Risk, Compliance, and business leadership functions.

Other:

  • Language: English (fluent)

  • Travel: Up to 20%, domestic and international

  • Certifications (preferred): CISSP, CISM, CRISC, or equivalent

For more information on how we support the whole health of our employees throughout their wellness,careerand life journey, please visitwww.careers.jnj.com.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

#DePuySynthesCareers

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Cybersecurity, Developing Others, Inclusive Leadership, Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Leadership, Presentation Design, Process Optimization, Risk Management Framework, Security Architecture Design, Security Policies, Strategic Thinking

The anticipated base pay range for this position is :

$178,000.00 - $307,050.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
This position is eligible to participate in the Company's long-term incentive program.
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation -120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado -48 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year
Holiday pay, including Floating Holidays -13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave - 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave - 80 hours in a 52-week rolling period10 days
Volunteer Leave - 32 hours per calendar year
Military Spouse Time-Off - 80 hours per calendar year
For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits