Business Information Security Officer

at Altria

Richmond, VA 23230, USA

Start Date: Immediate
Expiry Date: 07 Nov, 2024
Salary: USD 179900 Annual
Posted On: 08 Aug, 2024
Experience: 5 year(s) or above
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No
Required Visa Status:

  • Citizen
  • GC
  • US Citizen
  • Student Visa
  • H1B
  • CPT
  • OPT
  • H4 Spouse of H1B
  • GC Green Card

Employment Type:

  • Full Time
  • Part Time
  • Permanent
  • Independent - 1099
  • Contract – W2
  • C2H Independent
  • C2H W2
  • Contract – Corp 2 Corp
  • Contract to Hire – Corp 2 Corp

Description:

Overview:
Are you interested in working together with technology leaders and supported business areas to provide thought leadership and information security mentorship on a wide array of business strategy objectives and growth initiatives, technology-driven projects, and cyber risks for a Fortune 200 company? If so, then we are looking for you! We are currently seeking a Business Information Security Officer (BISO) to join our IT Risk Management Team in Richmond, VA, but are open to a remote work arrangement.

Responsibilities:

  • Representing the Chief Information Security Officer (CISO) to Altria’s business lines and/or operating companies, delivering comprehensive risk assessment and mitigation strategies crafted to improve the overall cybersecurity posture of the company.
  • Overseeing the delivery of cyber service(s) to improve risk understanding and cyber-strategies across the enterprise.
  • Briefing business executives on cybersecurity threats, initiatives and open risks and being a liaison to capture information on technology strategies within supported business lines.
  • Interpreting information security policies, standards (e.g., NIST, CIS, OWASP), and other requirements with respect to specific internal information systems and assisting with the implementation of these and other information security requirements.
  • Providing business and technical advice on a wide variety of IT risk issues, concerns, problems, and projects ensuring all business processes incorporate adequate information security - including support of security considerations of projects undergoing Architectural Review Board consideration.
  • Developing and communicating security and compliance requirements to technology and system owners and key business partners.
  • Providing users and management with security mentorship with regard to selecting technology products, as well as ongoing integrations and improvements of such products.
  • Assessing and qualifying risk related to third-party service providers and supporting the Supplier Risk Management program, including driving remediation of findings and supporting contract negotiations.
  • Providing support and escalation for the Threat and Vulnerability Management program, including web application security, in-house IT environments and cloud-based infrastructure, including driving risk insights via reporting in support of effective vulnerability management.
  • Serving as a technical leader for periodic information system and application risk assessments, including those associated with the development of new or significantly improved business applications.
  • Monitoring current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, information security and privacy, including coordination with the Altria legal team on privacy-related matters.
  • Providing support for internal security assessments and corporate audit assessments, including active engagement in high-risk auditable areas, risk management and remediation of audit findings, and ongoing information security governance.
  • Serving as the SME for technology operating in the supported business lines, establishing strong working relationships with IT professionals supporting those systems, and supporting effective incident response in conjunction with Altria’s internal Computer Security Incident Response Team (CSIRT) by actively participating in and providing consultation during response activities.


REQUIREMENT SUMMARY

Min: 5.0, Max: 8.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Richmond, VA 23230, USA