Business Information Security Officer

Join the leader in entertainment innovation and help us design the future. At Dolby, science meets art, and high tech means more than computer code. As a member of the Dolby team, you’ll see and hear the results of your work everywhere, from movie theaters to smartphones. We continue to revolutionize how people create, deliver, and enjoy entertainment worldwide. To do that, we need the absolute best talent. We’re big enough to give you all the resources you need, and small enough so you can make a real difference and earn recognition for your work. We offer a collegial culture, challenging projects, and excellent compensation and benefits, not to mention a Flex Work approach that is truly flexible to support where, when, and how you do your best work. Dolby’s consumer entertainment and cinema businesses are bringing Dolby’s breakthrough technologies, powering the world’s top movies, TV shows, music, games, and live sports to more places around the world across a wider range of consumer experiences and devices. The Business Information Security Officer (BISO) serves as the primary liaison between the Business Unit / Region and Dolby’s Global Cybersecurity organization. Operating on behalf of the CISO, the BISO embeds within the business to understand its strategy, processes, and risk profile, then translates cybersecurity requirements into business‑aligned initiatives and outcomes. This role acts as both a cybersecurity champion (evangelizing and implementing the enterprise security strategy in the business) and a business champion (representing business priorities and constraints back into the security function). The BISO does not own business risk; rather, the BISO advises, challenges, and supports business leaders in understanding, accepting, remediating, or transferring cyber risk within the organization’s risk appetite. Key Responsibilities Strategic Security Partnership & Governance Serve as the trusted cybersecurity advisor to Business Unit / Region leadership, participating in BU leadership forums, planning cycles, and governance routines. Translate Dolby’s global cybersecurity strategy, policies, and standards into actionable, BU‑specific roadmaps and controls. Ensure security is integrated into business strategy and major initiatives from inception through execution. Act as the “voice of the business” to the CISO, ensuring security investments, priorities, and controls reflect BU realities and objectives. Risk Management & Compliance Lead or coordinate cybersecurity risk assessments for the BU, including applications, products, processes, and critical assets, using approved risk methodologies. Facilitate identification, evaluation, treatment, and tracking of cyber risks; work with risk owners to define and implement remediation plans and risk acceptances. Support compliance with relevant regulatory, legal, and contractual requirements (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, etc.), coordinating with Legal, Compliance, Privacy, and Internal Audit as needed. Prepare for and support internal and external audits, certifications, and regulatory examinations impacting the BU. Security Integration into Projects, Products, and Technology Embed security‑by‑design principles into BU projects, products, and services; ensure appropriate security requirements, architecture reviews, and testing are performed. Partner with Enterprise/ Security Architecture and Engineering teams to ensure BU solutions align with reference architectures, standards, and patterns. Review and advise on security aspects of solution designs, change requests, and exceptions, balancing business agility with risk reduction. Incident Preparedness, Response, and Resilience Act as the primary BU point of contact for security incidents, data breaches, and significant vulnerabilities; coordinate with the SOC, IR team, and business stakeholders. Support post‑incident reviews, lessons learned, and tracking of corrective actions within the BU. Third‑Party and Supply Chain Security Support or lead security risk assessments of key third‑party vendors, partners, and service providers used by the BU, in coordination with central Third‑Party Risk Management. Review and advise on contractual security requirements and SLAs for BU vendors and partners. Monitor and help remediate third‑party security gaps that could affect BU operations, data, or customers. Security Awareness, Culture, and Training Champion a culture of shared responsibility for cybersecurity within the BU; make security understandable, relevant, and actionable for non‑technical stakeholders. Partner with central security awareness teams to tailor and deliver BU‑specific training, phishing simulations, workshops, and communications. Provide targeted guidance to high‑risk roles (e.g., developers, privileged admins, sales with access to sensitive data, executives) on secure behaviors and practices. Metrics, Reporting, and Performance Management Develop and maintain BU‑level security and risk metrics (KPIs/KRIs) aligned with enterprise dashboards and frameworks. Provide regular reporting to BU leadership and the CISO on cyber risk posture, control effectiveness, incidents, exceptions, and remediation progress. Use data to support risk‑based decision‑making and to demonstrate the value and impact of security investments within the BU. Stakeholder Management and Leadership Build strong relationships with BU leaders, product owners, IT, engineering, finance, people, marketing, legal, and other stakeholders to drive alignment and shared outcomes. Mediate between cybersecurity teams and business teams to resolve conflicts, clarify requirements, and negotiate risk‑appropriate solutions. Mentor and influence cross‑functional teams within the BUs to improve their understanding of cyber risk and their role in managing it. Experience 8+ years of progressive experience in information/cybersecurity, IT risk, technology, or related roles, with significant exposure to business stakeholders. Demonstrated experience in at least two of the following domains: security architecture/engineering, security operations, GRC, application security, cloud security, or data protection. Proven track record functioning as a security or technology partner to business units, product lines, or regions (e.g., BISO, Security Business Partner, Security Architect, Risk Partner). Experience working within established frameworks such as ISO 27001/2, NIST CSF, NIST 800‑53/171, or similar. Experience in a regulated industry is highly desirable. Skills and Competencies Technical & Risk Skills Broad understanding of information security domains: network and cloud security, identity and access management, application security, data protection, vulnerability management, incident response, and security monitoring. Strong knowledge of risk management principles, control design, and assessment methodologies. Familiarity with regulatory requirements and standards relevant to the organization’s industry and geographies (e.g., SOX, GDPR, ISO 27001, TISAX, NIST CSF, sectoral regulations, etc.). Business & Interpersonal Skills Strong business acumen with the ability to understand BU strategy, value chains, and operating models, and to align security accordingly. Exceptional communication skills, capable of translating technical risks into business language and vice versa, and tailoring messages to executives, technical teams, and frontline staff. Proven ability to influence, negotiate, and drive consensus without direct authority; comfortable operating in a matrixed environment. High degree of integrity, judgment, and professionalism; able to handle sensitive issues and confidential information appropriately. The SanFrancisco/BayArea base salary range for this full‑time position is $170,600-$234,200, which can vary if outside this location, plus bonus, benefits, and some roles may also include equity. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job‑related skills, competencies, experience, market demands, internal parity, and relevant education or training. Your recruiter can share more about the specific salary range and perks and benefits for your location during the hiring process. Dolby will consider qualified applicants with criminal histories in a manner consistent with the requirements of SanFrancisco Police Code, Article49, and Administrative Code, Article12. Equal Employment Opportunity: Dolby is proud to be an equal opportunity employer. Our success depends on the combined skills and talents of all our employees. We are committed to making employment decisions without regard to race, religious creed, color, age, sex, sexual orientation, gender identity, national origin, religion, marital status, family status, medical condition, disability, military service, pregnancy, childbirth and related medical conditions or any other classification protected by federal, state, and local laws and ordinances. #J-18808-Ljbffr