Advanced Specialist, Cybersecurity

This is an advanced individual contributor role focused on providing **hands-on cybersecurity expertise and risk guidance** in support of Pearson’s business units and technology teams. This role serves as a **trusted security specialist and advisor** , ensuring cybersecurity controls, risk management practices, and secure-by-design principles are effectively applied across products, platforms, and operations. The BISO operates as a **subject-matter expert** , independently handling complex security tasks, analyzing risk, and supporting remediation efforts. The role regularly provides **technical guidance, mentoring, and influence** to engineers, architects, and product teams, but **does not carry formal people management or executive decision-making authority** . Typical activities include conducting and supporting risk assessments, reviewing security architecture and controls, assisting with incident response analysis, validating compliance evidence, and identifying patterns or gaps that require corrective action. Risk at this level is associated with **incomplete implementation of controls, misinterpretation of findings, or delayed remediation** , which the role mitigates through strong technical judgment and collaboration. The BISO collaborates closely with Business Unit technology teams and enterprise security partners, helping ensure alignment with Pearson security standards while enabling innovation and customer trust. **Key Responsibilities** **Security Advisory & Business Support** Act as a **primary cybersecurity subject-matter expert** for assigned Business Unit initiatives and technology teams. Provide **practical security guidance** that helps teams design, build, and operate secure systems and products. Support business and technology stakeholders by translating security requirements into actionable technical controls. **Risk Assessment & Management** Conduct and support **security risk assessments** , threat modeling, and control evaluations. Partners with technology leads to **identify, document, and track remediation actions** for security risks. Escalate material risks to appropriate enterprise security stakeholders when needed, ensuring accurate documentation and follow-through. **Secure Delivery & Change Enablement** Support the adoption of **security-by-design practices** throughout the technology and product lifecycles. Review solution designs, architectures, and implementations to validate alignment with Pearson security standards. Assist teams in understanding and integrating new security controls, tools, or processes. **Incident & Issue Support** Provide **technical expertise during security incidents** , investigations, and post-incident reviews. Contribute to **incident documentation, root cause analysis, and lessons learned** , recommending improvements to prevent recurrence. Assist with remediation of vulnerability findings and security issues. **Collaboration & Influence** Work closely with product managers, engineers, architects, and security colleagues to embed security controls into delivery workflows. Serve as a **trusted point of contact** for security-related questions from internal teams and stakeholders. Influence outcomes through expertise, data, and recommendations rather than authority. **Metrics, Documentation & Continuous Improvement** Contribute to **security reporting, metrics, and dashboards** by validating data accuracy and highlighting trends. Identify recurring control gaps or process issues and **recommend practical improvements** . Support audits and compliance activities by preparing and reviewing evidence and responses. **Education** Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field **preferred** . Equivalent practical experience will be considered. **Experience** **6–9 years** of experience in cybersecurity, information security, IT risk, or related technical roles. Demonstrated experience performing **risk assessments, security reviews, vulnerability management, or incident support** . Experience working with cross-functional technology teams in **SaaS, platform, or enterprise environments** . Proven ability to work independently on complex problems and **influence outcomes through expertise** . Experience working with Business Intelligence tools, Risk Management platforms and Vulnerability Management tools, CSPM, ASPM, CNAP etc. **Certifications (Preferred, Not Required)** CISSP, CISM, CRISC, or equivalent security certifications. Cloud or platform security certifications are a plus. **Skills** **Technical Expertise:** Strong understanding of security controls, risk management, and secure system design. **Analytical Judgment:** Ability to assess complex security findings and recommend effective remediation. **Influence & Collaboration:** Works effectively across teams without formal authority. **Communication:** Clearly explains security risks and solutions to technical and non-technical audiences. **Problem Solving:** Independently addresses complex issues and identifies patterns and improvements. **Key Attributes** **Credibility:** Recognized as a knowledgeable and reliable security specialist. **Accountability:** Follows through on risk and remediation activities with rigor. **Curiosity:** Continuously develops cybersecurity expertise and stays current with evolving threats. **Collaboration:** Builds strong working relationships across engineering, product, and security teams. **Impact-Oriented:** Focuses on practical, risk-reducing outcomes that support the business. **Who we are:** At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson. Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com. **Job:** Security **Job Family:** TECHNOLOGY **Organization:** Corporate Strategy & Technology **Schedule:** FULL\_TIME **Workplace Type:** Hybrid **Req ID:** 22768 \#LI-REMOTE