Business Information Security Officer

Calling all originals: At Levi Strauss & Co., you can be yourself — and be part of something bigger. We're a company of people who like to forge our own path and leave the world better than we found it. Who believe that what makes us different makes us stronger. So add your voice. Make an impact. Find your fit — and your future.

The Business Information Security Officer (BISO) will be the primary contact between the cybersecurity function and their assigned business unit(s), region, service line, platforms(s), and/or corporate team. The BISO is a trusted business and cybersecurity leader who partners with business unit leadership to embed security into strategy, operations, and product delivery. You will be a part of a team of BISOs supporting multiple business portfolios, translating enterprise security objectives into business‑aligned outcomes. The BISO drives risk reduction, compliance readiness, secure enablement of growth, and measurable improvements in security posture—while ensuring security is a business enabler, not a blocker. You will report to the Senior Director of Risk & Strategy for the Global Information Security team.

About the Job

• Be a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks

• Recommend resources (e.g., security architects, engineers) to achieve outcomes

• Monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function

• Follow all risk remediation protocols to ensure issues are reduced, risks are accounted for and exceptions are tracked following frameworks, policies and standards set by our organization

• Work with BUs to align funding requirements with strategic projects

• Participate in cybersecurity and business-related councils or working groups

• Oversee vendor onboarding and monitoring; enforce third‑party security requirements, issue remediation plans, and track residual risk.

• Collaborate with Procurement, Legal, and Business Owners to embed security in contracts and due diligence.

• Partner with Audit, Legal, Privacy, and Compliance on controls testing, obligations, and readiness.

• Educate partners on cybersecurity-related matters to increase awareness and improve culture

• Develop an understanding of business goals and reframe risk discussions in business terms

• Constructively engage business partners regarding cybersecurity issues

• Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions

• Challenge business partners' assumptions about value drivers and present an alternate perspective

• Investigate security incidents and develop remediation plans in collaboration with CSIRT or other partners responsible for incident response

• Establish standard operating procedures for business engagement, risk management, exception handling, and escalation

About You

• Education: A BA/BS in a Business or Computer Science, Information Security, Engineering, or related field. MBA or MS in Cybersecurity or Information Security desirable but not required.

• 7+ years of progressive experience in cybersecurity, risk management, or technology governance; experience influencing senior business leaders.

• Expertise in security programs in complex global, matrixed organizations.

• Certifications Preferred: CRISC, CISSP, and CISM.

• Experience with risk assessment, incident response, and security audits

• Experience with GRC platforms, cloud security, and DevSecOps

• Experience with many security technologies, including firewalls, artificial intelligence, intrusion detection systems, access control systems, and encryption

• Experience with security frameworks, methodologies, and regulations such as NIST Cybersecurity Framework (CSF) and ISO/IEC 27001, FAIR, PCI-DSS, GDPR, SOC 2, HIPAA

• Deep understanding of business operations and how initiatives create value and risk

• Demonstrated strength in coaching and developing teams to improve outcomes

This is a hybrid work schedule based in our San Francisco, CA headquarters. You will be expected in office 3 days per week typically Tuesday-Thursday. Note, time in office can vary depending on business needs.

Levi Strauss & Co. (LS&Co.) offers a total rewards package that includes base pay, incentive plans, 401(k) matching, paid leave, health insurance, product discounts, and more designed to help you and your family stay healthy, meet your financial goals, and balance the demands of your work and personal life. Available benefits and incentive compensation vary depending upon the specifics of the role; details relating to a specific role will be made available upon request. Read more about our benefits .

LS&Co. is an affirmative action and equal employment opportunity employer. We welcome and value people from diverse cultures, backgrounds, and experiences to make LS&Co. a collective success.

#LI-hybrid

EOE M/F/Disability/Vets

LOCATION

San Francisco, CA, USA

FULL TIME/PART TIME

Full time

FILL DATE

This position is expected to be filled by 03/22/2026.