Distinguished, Risk Expert

Position Summary

As the Business Information Security Partner (BISP), your core responsibility will be to enhance the delivery of secure technology to our customers. This role, reporting to the Information Security Partners organization, will act as the key bridge between organizations and strategic partners to predict future needs of an aligned line of business and accelerate secure delivery.

At Walmart, we prioritize innovation and data security. Our team is dedicated to maintaining a secure operating environment and preserving the trust of our customers, associates, and stakeholders. We combine a range of services and expertise to prevent fraud, detect threats, and manage digital risk and access. Our focus is on mitigating attack risks, securing cloud transformation, and fostering a culture of security and reliability within our team.

• Key leader for all things information security within a core technology team.
• Establish and embed security into engineering using automation and scalable security practices throughout the software development lifecycle.
• Partner and collaborate across other operations leaders in educating and initiating actions to mature the security posture for the teams.
• Determine where opportunities exist for the technology teams and further define and roadmap the maturity journey to raise the security posture expectation.
• Understand key business goals to reframe risk discussions and resulting decisions in business terms.
• Inform senior business leaders and partners, and product teams on the long‑run risk implications of product options using data and expert experience to guide decision making.
• Predict demand increases both in existing operations and for new yet‑to‑be‑offered services from Information Security.
• Maintain awareness and aid Info Sec teams to keep priorities aligned with business needs.
• Translate business needs into product requirements for feeding backlogs of horizontal offerings by Information Security.
• Serve as a primary arbiter for risk management between business needs and security risk, aligned with quantitative risk measurement standards.
• Act as the primary escalation point for incidents involving your supported area and Information Security, including attending war rooms when notified and following up on problems involving Information Security services.
• Participate in industry councils or working groups to influence security best practices within the retail industry.
• Constructively engage teams, including business teams, to resolve cybersecurity issues.
• Establish risk ownership and accountability.
• Monitor open security risk issues to ensure strategic planning identifies and avoids such risks in the future.

• Manage the execution of security initiatives by prioritizing critical issues for root‑cause analysis, ensuring resolution, monitoring progress, escalating complex issues, conducting business and technical design sessions, utilizing scope‑change orders, tracking expenditures, providing presentations, managing stakeholder expectations, and developing performance reports.
• Monitor, analyze, and remediate IT security risks and vulnerabilities by adhering to defined procedures, reviewing metrics, identifying improvement opportunities, providing feedback, and participating in meetings for initiatives that alter current processes.
• Maintain vendor relations by preparing and executing RFPs, facilitating vendor selection, reviewing statements of work, ensuring compliance with vendor contracts, and reporting on contract execution.
• Oversee multiple compliance efforts by monitoring implementation of specific security controls, ensuring expertise with regulatory concepts (ISO, SOX, PCI, HIPAA), managing compliance assessments and remediation, defining improvements, and presenting results to senior management.
• Manage the implementation of security governance by leading governance strategy, enforcing policies and procedures, developing remediation plans, comparing industry standards, reporting governance issues, and tracking pending legislation.
• Analyze and identify risk, building knowledge of risk and governance, developing mitigation…