About The Position

The Portfolio Information Security Officer (PISO) is a senior, director-level leader serving as the primary security advisor for assigned lines of business. Reporting to the Deputy Chief Information Security Officer, the PISO aligns business objectives with enterprise security requirements, advises on cyber and technology risk, and ensures application, architecture, and engineering initiatives incorporate appropriate security controls. This role influences senior stakeholders across technology, product, engineering, operations, risk, compliance, and business leadership, translating complex technical issues into actionable business risk decisions and driving remediation aligned to regulatory expectations, operational resilience, and enterprise security strategy.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, Risk Management, or related field, or equivalent practical experience.
  • 10+ years across information security, technology risk, application security, infrastructure, cloud security, security architecture, engineering, or related disciplines.
  • 5+ years influencing senior technology, engineering, risk, or business stakeholders.
  • Demonstrated experience advising on cyber risk, control gaps, risk acceptance, remediation prioritization, and executive-level risk reporting.
  • Experience reviewing application, system, or platform designs for security risk and translating technical issues into business risk language for executives.
  • Broad technical fluency across application security and secure SDLC, cloud security architecture, IAM, infrastructure and network security, data protection and encryption, API and integration security, vulnerability management, DevSecOps and CI/CD, logging/monitoring/detection controls, third-party risk, resilience and continuity.
  • Strong risk judgment; ability to distinguish theoretical risk from material business risk and compliance exposure, and to recommend pragmatic treatments aligned to risk appetite.
  • Executive communication skills with the ability to prepare concise, decision-oriented materials and influence without direct authority.
  • Business acumen to connect security posture to strategy, revenue, operations, and customer impact.
  • Relationship management and prioritization skills to focus teams on the most impactful risks under resource constraints.
  • Ownership mindset to drive issues to closure, maintain accountability, and ensure transparent, time-bound risk decisions.

Nice To Haves

  • Experience as a PISO/BISO or in security architecture, technology risk, or senior security advisory roles
  • Regulated industry experience (e.g., financial services, healthcare, insurance, technology, critical infrastructure)
  • Familiarity with frameworks such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls, COBIT, FAIR
  • Relevant certifications (e.g., CISSP, CISM, CRISC, CCSP, CISA, SABSA, AWS/Azure security credentials)
  • Experience presenting to executive and board-level forums

Responsibilities

  • Own the security relationship for assigned portfolios; participate in business planning and governance; ensure leaders understand current and emerging risks, control gaps, remediation obligations, and risk acceptance decisions; connect enterprise security functions with business and technology teams to align priorities to outcomes.
  • Advise on remediation prioritization, compensating controls, exceptions, and formal risk acceptance; assess findings based on likelihood, impact, exploitability, regulatory exposure, operational criticality, and customer impact; develop practical risk treatment plans; present time-bound risk acceptance recommendations with accountable ownership; escalate material risks to appropriate governance forums.
  • Provide technical security advisory for application architecture, cloud deployments, integrations, APIs, identity patterns, and third-party connectivity; partner with enterprise architecture, engineering, DevOps, cloud, and infrastructure teams to identify risk early; evaluate authentication, authorization, data protection, encryption, logging, segmentation, resilience, secrets management, secure configuration, and vulnerability exposure; ensure alignment to enterprise standards, secure SDLC, and regulatory requirements.
  • Produce business-unit-specific cyber risk reporting covering key risks, control gaps, remediation progress, exceptions, vulnerabilities, audit/regulatory issues, and emerging threats; deliver regular updates to business leaders and contribute to consolidated executive reporting; translate technical issues into clear business impact statements and decision materials; track commitments, risk acceptances, and issue closure.
  • Drive adoption of enterprise capabilities and standards (e.g., vulnerability management, third-party risk, IAM, data protection, cloud security, incident response, threat management, awareness, secure development); identify gaps between policy and implementation; provide feedback to central security teams; support regulatory, audit, and compliance activities; partner with security architecture, GRC, risk, privacy, legal, compliance, and technology teams.
  • Provide business context during incidents and investigations; advise leaders on exposure, remediation urgency, operational impact, and communications; lead post-incident risk reviews and ensure lessons learned inform sustainable control improvements.

Benefits

  • Asurion is an equal opportunity employer. We hire the best available person for the job regardless of marital status, sex, gender orientation, age, religious belief, race, nationality and ethnic origin, color, or disability.