Business Information Security Officer

Together We Innovate.

Together We Change.
Interested in partnering with technology leaders and business partners to provide thought leadership and information security guidance across a broad variety of business strategy initiatives for a Fortune 500 company? If you have a bachelor's degree along with 8 plus years of experience in information security or IT risk management, we want to speak with you! We are currently seeking a Business Information Security Officer (BISO) to join our IT Risk Management (ITRM) team in Richmond, VA, but are open to a remote work arrangement.This role will serve as a trusted security advisor to supported business services and operating companies, helping to identify, assess, and manage information security risks while enabling business objectives.
What you will be doing:


* Acting as the primary information security partner to assigned business lines and operating companies, providing risk insights and practical mitigation guidance to strengthen the enterprise cybersecurity posture.


* Coordinating and supporting the delivery of cybersecurity services, helping improve enterprise‑wide risk awareness and inform cyber strategy.


* Communicating cybersecurity threats, initiatives, and open risks to business and technology leaders, while partnering closely to understand and influence technology decisions.


* Applying information security policies, standards, and frameworks (e.g., NIST, CIS, OWASP) to systems and business initiatives, supporting consistent and effective implementation.


* Providing clear, business‑focused and technical guidance on IT risk, ensuring security controls are coordinated into business processes, projects, and solutions.


* Defining and communicating security and compliance requirements with technology owners, system owners, and business partners, and advising on secure solution selection, implementation, and continuous improvement.


* Evaluating and handling third‑party risk, supporting supplier risk management activities, remediation efforts, and contract discussions.


* Perform and support risk assessments, threat and vulnerability management, audits, and incident response activities, serving as a domain expert in coordination with the Computer Security Incident Response Team (CSIRT).

We want you to have:


* Bachelor's degree in Computer Science, Information Systems, Engineering, or a related subject area.


* 8+ years in information security, IT risk management, or closely related IT discipline.


* Broad understanding of IT environments, including operating systems, application platforms, cloud technologies, and new technologies.


* Solid understanding of information security principles, risk assessment and management practices, defense‑in‑depth strategies, and security controls.


* Experience working with modern development and delivery practices, including agile and secure development approaches (e.g., DevSecOps).


* Famil...