Business Information Security Officer, Europe

We are looking for a Business Information Security Officer (BISO), Europe, to join our team in London, reporting to the Senior Manager, Business Information Security Office and Strategy.

As the BISO for Europe, you will play a key role as the bridge between our central cybersecurity function and the regional business teams. You will work closely with regional leadership to understand business goals, embed cybersecurity, including AI-related risks into operational strategies, and drive alignment between business and security objectives. You will also lead efforts to identify and assess risks, advise on mitigation approaches, and foster a strong culture of security awareness across the region.

KEY RESPONSIBILITIES

• Business Partnership & Advisory: Collaborate with regional business leaders and managers to serve as a trusted advisor on cybersecurity matters, including new areas like AI security. Develop an understanding of regional team goals and processes to communicate cyber risks in e-commerce, retail and wholesale business teams. Advise regional management on cybersecurity risk levels, posture, and the potential impact of threats. Support regional leadership by contributing to the cost-benefit analysis of information security programs. Partner with Privacy team and legal counsel on several due diligence and data related functions.
• Risk Management & Governance: Support the implementation and management of regional third-party risk management activities, which includes performing third-party risk assessments. Experience with PCI compliance. Manage, lead, and conduct PCI assessment for the different countries in scope partnering with app owners and payment gateway solutions. Help build the regional data loss prevention (DLP) program components and understand business impact. Advise on the implementation of corporate AI governance and security posture management for AI systems within the region. Ensure regional adherence to risk remediation protocols, tracking mitigation efforts and exceptions according to established frameworks and standards (NIST CSF, CIS, etc.). Help establish a clear path to communicate risk within supported businesses.
• Communication & Culture: Constructively engage partners regarding cybersecurity issues and requirements. Maintain relationships with respective point of contacts. Understand different cultures in the European regions and stay on top of changing and new regulatory requirements. Educate regional partners on cybersecurity-related matters, including data and operational risks and best practices, to increase awareness and foster a security-conscious culture. Participate in relevant cybersecurity and business-related councils or working groups. Facilitate communication between regional departments and central cybersecurity teams (e.g., security architects, engineers).

ABOUT YOU

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
• Experience engaging with and influencing multiple management levels regarding business specific Information Security Risk briefing and reporting.
• Experience operating within the European regulatory landscape (e.g., GDPR).
• 6+ years of experience in cybersecurity, Network/Application security, IT risk management, or a similar role, with demonstrated experience in business partnering or liaison functions.
• Experience with cybersecurity principles, risk management frameworks (e.g., NIST CSF, CIS v8, PCI, etc.), and security technologies.
• Familiarity with AI concepts, AI-specific security risks, and AI governance frameworks (e.g., NIST AI RMF, EU AI Act principles).
• Experience with AI security posture management.
• Relevant certifications (e.g., CISSP, CISM, CRISC).

LS&Co. is an affirmative action and equal employment opportunity employer. We welcome and value people from diverse cultures, backgrounds, and experiences to make LS&Co. a collective success.