Paranoids Information Security Business Partner

It takes powerful technology to connect our brands and partners with an audience of hundreds of millions of people. Whether you’re looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process trillions of data points a day, what you do here will have a huge impact on our business—and the world.

A Little About Us

When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet. We are the information security team at Yahoo, known as "The Paranoids."

The Information Security Business Partnerships team within the Paranoids is charged with embedding security into Yahoo’s products to make them the most trusted and secure in-class. We do this by aligning our product roadmaps with our information security strategy as well as ingraining security into their product development lifecycles. We work at all levels of the organization to enable Yahoo to achieve its business goals safely and efficiently.

A Lot About You

The Information Security Business Partner (ISBP) serves as a trusted advisor and strategic liaison, embedding with business units to understand their needs and translate them into actionable security strategies. This highly experienced and independent professional proactively addresses complex security challenges, aligns initiatives with business goals, and provides expert guidance with minimal supervision.

Reporting to the Business Information Security Officer, this role leads high-impact projects and cross-functional teams, leveraging deep security expertise and cross-disciplinary knowledge to develop innovative solutions to problems that affect our customers and our products.

Key Responsibilities:

• Strategic Partnership & Security Advocacy: Serve as the primary liaison between the Information Security team and assigned business units, fostering strong relationships with senior leadership, promoting a culture of security awareness, and advocating for security priorities aligned with business objectives.

• Risk Management: Proactively identify, assess, and mitigate information security risks within business units by providing expert guidance on security policies, standards, and best practices.

• Security Advisory: Provide ongoing product security guidance and engineering support to business units, and assist with cyber defense strategies, leveraging the expertise of internal information security specialists within the Paranoids.

• Shift-Left Security: Embed security into business initiatives from the outset by advising on secure design and implementation, ensuring alignment with industry best-practices and internal policies.

• Policy Interpretation & Compliance Support: Assist business stakeholders in understanding and applying information security policies and procedures, balancing business needs with security requirements.

• Awareness, Training & Continuous Improvement: Drive targeted security awareness initiatives, contribute to training efforts, and stay informed on emerging threats and technologies to continuously improve the organization’s security posture.

• Internal Collaboration and Leadership: Foster internal collaboration and enable cross-functional squads within our information security team. Elevate business unit priorities and ensure our teams are aligned with Yahoo’s product roadmap.

General Qualifications

Experience & Leadership:

As part of this role, you’ll work closely with product and engineering teams, infrastructure, and other technical teams.

• Extensive experience in information security, with a strong track record in product security or consultative roles.

• Demonstrated ability to operate independently in complex environments, with minimal guidance.

• Proven track record of leading or driving high-impact projects or initiatives involving cross-functional teams and significant risk or resource considerations.

Expertise & Knowledge:

• Relevant experience in information security disciplines (e.g., risk management, security architecture, GRC, cloud security, IAM), with practical understanding of adjacent business functions (e.g., IT, legal, compliance, product). 

• Strong working knowledge of frameworks and regulations such as NIST, ISO 27001, SOC 2 and GDPR.

• Ability to develop and apply security strategies that balance innovation, risk, and operational needs.

• Ability to assess risk, weigh trade-offs, and influence decision-making across diverse stakeholder groups.

• Ability to navigate ambiguity and develop highly innovative, practical solutions to complex, multi-dimensional problems.

Communication & Influence:

• Exceptional communication and interpersonal skills, capable of translating technical issues for business stakeholders and influencing at all levels of the organization.

• Adept at building trust-based relationships and advocating for security in ways that align with business goals.

Education & Credentials:

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent practical experience).

• Relevant certifications strongly preferred (e.g., CISSP, CISM, CRISC, SABSA).

The material job duties and responsibilities of this role include those listed above as well as adhering to Yahoo policies; exercising sound judgment; working effectively, safely and inclusively with others; exhibiting trustworthiness and meeting expectations; and safeguarding business operations and brand integrity.

At Yahoo, we offer flexible hybrid work options that our employees love! While most roles don’t require regular office attendance, you may occasionally be asked to attend in-person events or team sessions. You’ll always get notice to make arrangements. Your recruiter will let you know if a specific job requires regular attendance at a Yahoo office or facility. If you have any questions about how this applies to the role, just ask the recruiter!

Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo will consider for employment qualified applicants with criminal histories in a manner consistent with applicable law. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call +1.866.772.3182. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

We believe that a diverse and inclusive workplace strengthens Yahoo and deepens our relationships. When you support everyone to be their best selves, they spark discovery, innovation and creativity. Among other efforts, our 11 employee resource groups (ERGs) enhance a culture of belonging with programs, events and fellowship that help educate, support and create a workplace where all feel welcome.

The compensation for this position ranges from $143,625.00 - $299,375.00/yr and will vary depending on factors such as your location, skills and experience.The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus or commissions. Our comprehensive benefits include healthcare, a great 401k, backup childcare, education stipends and much (much) more.

Currently work for Yahoo? Please apply on our internal career site.