Together We Innovate. Together We Change.

Interested in partnering with technology leaders and business partners to provide thought leadership and information security guidance across a broad variety of business strategy initiatives for a Fortune 500 company? If you have a bachelor's degree along with 8 plus years of experience in information security or IT risk management, we want to speak with you! We are currently seeking a Business Information Security Officer (BISO) to join our IT Risk Management (ITRM) team in Richmond, VA, but are open to a remote work arrangement.

This role will serve as a trusted security advisor to supported business services and operating companies, helping to identify, assess, and manage information security risks while enabling business objectives.

What you will be doing:

• Acting as the primary information security partner to assigned business lines and operating companies, providing risk insights and practical mitigation guidance to strengthen the enterprise cybersecurity posture.
• Coordinating and supporting the delivery of cybersecurity services, helping improve enterprise‑wide risk awareness and inform cyber strategy.
• Communicating cybersecurity threats, initiatives, and open risks to business and technology leaders, while partnering closely to understand and influence technology decisions.
• Applying information security policies, standards, and frameworks (e.g., NIST, CIS, OWASP) to systems and business initiatives, supporting consistent and effective implementation.
• Providing clear, business‑focused and technical guidance on IT risk, ensuring security controls are coordinated into business processes, projects, and solutions.
• Defining and communicating security and compliance requirements with technology owners, system owners, and business partners, and advising on secure solution selection, implementation, and continuous improvement.
• Evaluating and handling third‑party risk, supporting supplier risk management activities, remediation efforts, and contract discussions.
• Perform and support risk assessments, threat and vulnerability management, audits, and incident response activities, serving as a domain expert in coordination with the Computer Security Incident Response Team (CSIRT).

We want you to have:

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related subject area.
• 8+ years in information security, IT risk management, or closely related IT discipline.
• Broad understanding of IT environments, including operating systems, application platforms, cloud technologies, and new technologies.
• Solid understanding of information security principles, risk assessment and management practices, defense‑in‑depth strategies, and security controls.
• Experience working with modern development and delivery practices, including agile and secure development approaches (e.g., DevSecOps).
• Familiarity with industry standards and frameworks, including the NIST Cybersecurity Framework and PCI DSS.
• Demonstrable ability to communicate clearly and effectively with both technical and non‑technical business partners through written, verbal, and interpersonal interactions.
• Professional security certifications (e.g., CISSP, CISM, CRISC, or similar) are preferred.

Compensation and Benefits

Additional Information