About The Position

The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions. The Senior Manager, Tech Product Management is responsible for leading the design, implementation, and continuous improvement of governance routines that ensure effective adherence to technology and cybersecurity standards. This role plays a critical part in shaping the enterprise technology risk profile and embedding sustainable, risk-based governance practices that drive accountability, transparency, and informed decision-making across technology organizations. Success in this role requires not only deep audit and risk expertise but also the ability to architect governance operating models, integrate risk into business processes, and influence senior stakeholders to adopt consistent and scalable risk management practices. The role requires ongoing engagement with policy and standard owners, executive leadership, and technology stakeholders to establish robust governance routines that translate policy requirements into measurable, enforceable, and sustainable practices. The Senior Product Manager will collaborate with Technology and Cybersecurity teams to define risk based thresholds for their standards that feed into escalation protocols performance metrics, and monitoring mechanisms, ensuring alignment to enterprise risk appetite and regulatory expectations. The role also partners with suppliers, business owners, control owners, and risk teams to identify gaps, validate remediation, and assess control effectiveness, while driving improvements in governance maturity and operational resilience.

Requirements

  • Associate’s degree (or higher) in Information Security, Risk Management, Business, or related field
  • 10+ years in technology and information security with solid experience in risk governance, control assurance, and cybersecurity risk management
  • 5+ years working across matrixed organizations with multiple stakeholders
  • Demonstrated experience in: Designing or maturing risk governance routines and frameworks
  • Defining risk metrics, thresholds, and escalation processes
  • Assessing control effectiveness at scale
  • Experience in technology engineering, technology development, technology infrastructure or cybersecurity management
  • Advanced knowledge of enterprise architectures, cloud platforms, data ecosystems, and technology cybersecurity domains (IAM, network, endpoint, application security).
  • Ability to evaluate how technology design decisions impact risk exposure and control effectiveness
  • Ability to assess complex and ambiguous scenarios and define governance approaches where precedents do not exist
  • Proven ability to design end-to-end governance operating models, including roles, responsibilities, workflows, and accountability structures
  • Expertise in embedding risk governance into core technology lifecycle processes (SDLC, DevSecOps, infrastructure provisioning)
  • Solid capability to define risk appetite statements, tolerance levels, and action-trigger thresholds
  • Understanding of tiered governance models (operational, tactical, executive-level oversight)
  • Ability to align governance routines to business strategy and digital transformation initiatives
  • Ability to communicate complex technical risks in clear, business-relevant terms
  • Solid executive presence with experience influencing senior leaders and driving behavioral change
  • Capability to challenge constructively while maintaining solid partnerships
  • Skilled in delivering impactful reporting, including risk narratives, dashboards, and escalation briefings
  • Deep understanding of frameworks such as NIST CSF, ISO 27001, COBIT, SOX, FFIEC
  • Ability to map governance routines to regulatory expectations and audit requirements
  • Awareness of evolving cybersecurity regulations and supervisory expectations

Nice To Haves

  • Certifications: CISA, CRISC, CISSP, CISM
  • Experience in large-scale governance transformation or audit modernization initiatives
  • Exposure to cloud governance, AI risk frameworks, and DevSecOps environments

Responsibilities

  • Define and implement a comprehensive technology and cybersecurity governance framework, including oversight routines, risk reporting structures, and escalation pathways
  • Design and collaborate with Technology and Cybersecurity teams to operationalize risk governance routines that integrate into day-to-day technology processes (e.g., SDLC, cloud deployments, third-party onboarding)
  • As part of governance, collaborate with Technology and Cybersecurity teams to ensure they define Key Risk Indicators (KRIs), Key Control Indicators (KCIs), and performance metrics, including thresholds aligned to risk appetite that support the GRC metrics framework
  • Lead risk profiling and aggregation activities, connecting control effectiveness, threat landscape, and business impact into a clear enterprise risk view
  • Evaluate and challenge governance processes to ensure consistency, scalability, automation, and sustainability
  • Drive standardization of governance practices across disparate technology teams and domains.
  • Assess effectiveness of preventive vs. detective controls, continuous monitoring capabilities, and automated controls
  • Influence leadership to strengthen risk ownership, accountability, and decision-making discipline
  • Ensure governance routines satisfy regulatory, audit, and industry framework expectations

Benefits

  • a comprehensive benefits package
  • incentive and recognition programs
  • equity stock purchase
  • 401k contribution
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service