Business Information Security Officer

We are HCLTech, one of the world’s largest and fastest growing technology and DSA companies with over 227,000 professionals across 60 countries, driving progress through industry-leading capabilities focused on Digital, Engineering and Cloud.

The driving force behind this work, our people, is a diverse, creative and passionate audience that enables us to continually raise the bar for excellence in our services. We strive to empower each of our professionals to achieve their best, while also striving to help them find their daily inspiration and become the best version of themselves.

Job Title: Business Information Security Officer (BISO / BSO)

Role Summary The Business Information Security Officer (BISO/BSO) serves as the primary security liaison between the business, enterprise security, and GRC functions. The role ensures that information security risks are appropriately identified, assessed by accountable teams (e.g., GRC, vendor risk, compliance), clearly communicated to business stakeholders, and effectively acted upon.

The BISO enables secure-by-design execution across business initiatives while ensuring alignment with enterprise security frameworks and regulatory requirements such as ISO 27001, SOC 2, NIST, and FedRAMP.

Key Responsibilities 1. Secure-by-Design Advisory & Consulting

Act as a trusted security advisor to business and delivery teams, embedding security-by-design principles into initiatives from early design stages. Translate enterprise security standards and regulatory requirements (ISO 27001, SOC 2, NIST, FedRAMP) into actionable guidance and security user stories. Collaborate with architecture, engineering, and security teams to ensure security requirements are understood and incorporated into solution design.

2. SDLC Security Enablement (Coordination Role)

Ensure security requirements are integrated into SDLC processes for in-scope applications. Coordinate with GRC, application security, and engineering teams to ensure security assessments, control validation, and remediation activities are executed. Track security findings and ensure remediation plans are clearly understood and actioned by delivery teams.

3. Third-Party Risk & Due Diligence Coordination

Act as the business-facing liaison for third-party risk management activities conducted by GRC and vendor risk teams. Ensure due diligence requests are completed by relevant stakeholders and that outcomes are communicated in business terms. Facilitate business understanding of vendor risk posture and support informed risk decisions.

4. Divestiture / Transformation Support (Orthopedic Programs)

Support security activities for orthopedic divestiture and transformation initiatives. Coordinate across IT, GRC, security, and business teams to ensure security requirements are addressed during transition planning and execution. Ensure alignment with enterprise security frameworks and regulatory obligations throughout the transformation lifecycle.

5. Physical Site Security Coordination

Support physical security assessments for scoped orthopedic sites conducted by appropriate security teams. Ensure findings, gaps, and remediation actions are clearly communicated to business and site leadership. Track remediation progress and support closure of identified risks.

6. Risk Governance, Communication & Collaboration

Facilitate security risk acknowledgement and decision-making discussions between GRC and business stakeholders. Ensure risks, control gaps, and mitigation plans are clearly understood and appropriately documented. Enable risk acceptance processes by ensuring business stakeholders are informed and aligned. Collaborate across multiple teams (GRC, IT, engineering, legal, compliance, and business units) to ensure coordinated security outcomes.

Key Deliverables Security-by-design guidance aligned to ISO 27001, SOC 2, NIST, and FedRAMP frameworks Coordinated tracking of SDLC security activities and remediation status Third-party risk communication summaries (from GRC outputs) Divestiture security coordination artifacts and transition support documentation Physical site assessment coordination reports and action tracking Risk acknowledgement and acceptance documentation Executive-level security status reporting for business stakeholders

Core Competencies Strong understanding of enterprise security frameworks: ISO 27001, SOC 2, NIST, FedRAMP Excellent stakeholder management and cross-functional collaboration skills Ability to translate technical risk into business impact and decision-ready language Strong coordination

Equality & Opportunity for All Representing 165 nationalities worldwide, we are proud to be an equal opportunity employer committed to providing equal employment opportunities to all applicants and employees without regard to race, religion, sex, color, age, national origin, pregnancy, sexual orientation, disability or genetic information, or any other protected classification, in accordance with federal, state and/or local laws

At HCLTech, we don’t just offer jobs — we offer journeys. Join a global team where your work drives innovation, your ideas matter, and your growth is supported every step of the way.

Why Choose HCLTech? Be part of a purpose-led organization with a global footprint Collaborate with diverse teams across borders Work on cutting-edge technologies in enterprise integration Enjoy career mobility, continuous learning, and a culture of inclusion