Posted:
12/21/2025, 4:00:00 PM
Location(s):
San Francisco, California, United States ⋅ California, United States
Experience Level(s):
Mid Level ⋅ Senior
Field(s):
IT & Security
Workplace Type:
Hybrid
Calling all originals: At Levi Strauss & Co., you can be yourself — and be part of something bigger. We're a company of people who like to forge our own path and leave the world better than we found it. Who believe that what makes us different makes us stronger. So add your voice. Make an impact. Find your fit — and your future.
The Business Information Security Officer (BISO) will be the primary contact between the cybersecurity function and their assigned business unit(s), region, service line, platforms(s), and/or corporate team. The BISO is a trusted business and cybersecurity leader who partners with business unit leadership to embed security into strategy, operations, and product delivery. You will be a part of a team of BISOs supporting multiple business portfolios, translating enterprise security objectives into business‑aligned outcomes. The BISO drives risk reduction, compliance readiness, secure enablement of growth, and measurable improvements in security posture—while ensuring security is a business enabler, not a blocker. You will report to the Senior Director of Risk & Strategy for the Global Information Security team.
Be a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks
Recommend resources (e.g., security architects, engineers) to achieve outcomes
Monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function
Follow all risk remediation protocols to ensure issues are reduced, risks are accounted for and exceptions are tracked following frameworks, policies and standards set by our organization
Work with BUs to align funding requirements with strategic projects
Participate in cybersecurity and business-related councils or working groups
Oversee vendor onboarding and monitoring; enforce third‑party security requirements, issue remediation plans, and track residual risk.
Collaborate with Procurement, Legal, and Business Owners to embed security in contracts and due diligence.
Partner with Audit, Legal, Privacy, and Compliance on controls testing, obligations, and readiness.
Educate partners on cybersecurity-related matters to increase awareness and improve culture
Develop an understanding of business goals and reframe risk discussions in business terms
Constructively engage business partners regarding cybersecurity issues
Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
Challenge business partners' assumptions about value drivers and present an alternate perspective
Investigate security incidents and develop remediation plans in collaboration with CSIRT or other partners responsible for incident response
Establish standard operating procedures for business engagement, risk management, exception handling, and escalation
Education: A BA/BS in a Business or Computer Science, Information Security, Engineering, or related field. MBA or MS in Cybersecurity or Information Security desirable but not required.
7+ years of progressive experience in cybersecurity, risk management, or technology governance; experience influencing senior business leaders.
Expertise in security programs in complex global, matrixed organizations.
Certifications Preferred: CRISC, CISSP, and CISM.
Experience with risk assessment, incident response, and security audits
Experience with GRC platforms, cloud security, and DevSecOps
Experience with many security technologies, including firewalls, artificial intelligence, intrusion detection systems, access control systems, and encryption
Experience with security frameworks, methodologies, and regulations such as NIST Cybersecurity Framework (CSF) and ISO/IEC 27001, FAIR, PCI-DSS, GDPR, SOC 2, HIPAA
Deep understanding of business operations and how initiatives create value and risk
Demonstrated strength in coaching and developing teams to improve outcomes
This is a hybrid work schedule based in our San Francisco, CA headquarters. You will be expected in office 3 days per week typically Tuesday-Thursday. Note, time in office can vary depending on business needs.
The expected starting salary range for this role is $132,900 - $194,900 per year. We may ultimately pay more or less than the posted range based on the location of the role. The amount a particular employee will earn within the salary range will be based on factors such as relevant education, qualifications, performance and business needs.
Levi Strauss & Co. (LS&Co.) offers a total rewards package that includes base pay, incentive plans, 401(k) matching, paid leave, health insurance, product discounts, and more designed to help you and your family stay healthy, meet your financial goals, and balance the demands of your work and personal life. Available benefits and incentive compensation vary depending upon the specifics of the role; details relating to a specific role will be made available upon request. Read more about our benefits here.
LS&Co. is an affirmative action and equal employment opportunity employer. We welcome and value people from diverse cultures, backgrounds, and experiences to make LS&Co. a collective success.
#LI-hybrid
FILL DATE
This position is expected to be filled by 03/22/2026.Website: https://www.levistrauss.com/
Headquarter Location: San Francisco, California, United States
Employee Count: 10001+
Year Founded: 1853
IPO Status: Public
Last Funding Type: Post-IPO Debt
Industries: Apparel ⋅ Fashion ⋅ Lifestyle ⋅ Retail