Business Information Security Officer (BISO)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Job Title: Business Information Security Officer (BISO)

About the team

Salesforce's Product Security team, a vital part of the broader Security organization, is dedicated to securing our customer data and assets while proactively managing risk and enhancing security posture. We thrive on deep collaboration with product and engineering teams to achieve optimal risk outcomes and maintain the trust our customers place in us.

We're seeking two highly accomplished Business Information Security Officers (BISOs) to join our team, one supporting our Availability & Infrastructure Engineering (AiE) team and the other our Hyperforce Platform Services (HPS) team. You will be leading security accountability for critical areas of our infrastructure and platform. These roles require moving beyond traditional compliance to become co-owners of security outcomes.

BISO for Availability & Infrastructure Engineering (AiE)

As the BISO for AiE, you will assume accountability for the security risk posture of the teams that keep Salesforce running 24/7/365-including Site Reliability Engineering (SRE), Big Data Observability, and Global Incident Response.

Your Mission:

• Partner with AiE leadership to prioritize security risks within the context of mission-critical availability

• Be the "Voice of Security" for operational teams where availability is intrinsically linked to security

• Champion "Security for Operations" mindset, ensuring incident response frameworks, observability pipelines, and change management processes are robust against both adversarial threats and operational errors

• Integrate "Security as Code" within CI/CD and release pipelines

• Govern the use of AI in operations to automate security defenses and support operational resiliency

BISO for Hyperforce Platform Services (HPS)

As the BISO for HPS, you will secure the foundation of our business-our "Hyperforce" architecture-operating as the "Voice of Security" embedded with our most critical engineering teams.

Your Mission:

• Partner with HPS leadership and architects to translate complex risks into engineering reality

• Bring a "platform" mindset, understanding that security controls at the platform and infrastructure layer deliver exponential scale and value to downstream cloud tenants

• Bridge the gap between "architectural risks" (multi-substrate security, cloud dependencies) and "operational risks" (patch management, configuration drift)

• Foster a culture where security is indistinguishable from quality

• Ensure risk decisions are deeply informed by specific technical context, constraints, and capabilities of our systems

Your Impact - Core Responsibilities (Both Roles)

• Security Accountability & Partnership: Partner with product and engineering leadership to collaboratively prioritize security initiatives, negotiate trade-offs, and ensure executive-level accountability for achieving security and business outcomes

• Strategic Risk Communication: Translate complex technical security signals into clear, compelling, and actionable executive and board-level business narratives

• Operational Risk Management: Deliver regular, metric-driven readouts on security risk posture, actively maintain the Security Risk Register, and lead security due diligence for remediation timelines

• Secure-by-Design/Secure-in-Operations Culture: Foster a culture of shared security responsibility by integrating security and compliance requirements throughout the infrastructure lifecycle

• AI-Driven Optimization: Leverage generative AI technologies to reduce manual toil and enhance security risk management

Minimum Requirements

• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field (equivalent experience may be considered)

• 10+ years of professional experience in security risk management, with at least 5 years dedicated to security operational roles supporting major cloud platforms (AWS, GCP, or multi-cloud environments)

• Exceptional executive presence, negotiation, and influence skills with ability to partner at VP+ level without direct authority

• High risk acumen and extensive experience managing complex portfolios of security risks

• Strong working knowledge of industry standards and regulations (NIST CSF, ISO 27001, SOC 2, NIST 800-160, ISO 27035, ITIL v4, DORA)

• Proven ability to build strong partnerships across all security functions (CSOC, Product Security, GRC, Enterprise Security)

• Strong understanding of CI/CD security, infrastructure-as-code, and zero-trust architecture principles

• Experience acting as a key stakeholder during major security incidents, managing executive escalations, and driving post-incident remediation

Additional Requirements for AiE Team:

• Experience managing globally distributed teams across multiple time-zones with 24/7 on-call responsibilities

• Strong grasp of availability metrics (SLAs, SLOs, error budgets) and ability to balance these with security error budgets

• Foundational experience in SRE, DevOps, Big Data, or observability platforms

• Experience with auto-remediation platforms and chaos engineering

Additional Requirements for HPS Team:

• Solid understanding of hyper-scale architectures (like Hyperforce), containerization (Kubernetes), microservices, and distributed systems

• Experience building or leading vulnerability management programs with context-based prioritization (SSVC, EPSS)

• Strong understanding of IAM lifecycle, governance, and architecture (Least Privilege, RBAC/ABAC, SSO, MFA)

Preferred Qualifications

• Demonstrated experience as a Business Information Security Officer (BISO) or equivalent security leadership role

• Certifications such as CCSP, CISSP, CISM, AWS Certified Security Specialty, GCP Security Engineer, or CKS

• Strong understanding of Secure SDLC, threat modeling, and integrating security checks (SAST/DAST) into development pipelines

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.