Manager - Technical Information Security Lead (TISL)

Required Skills:

Preferred Skills:

Secondary Language(s) :

Manager - Technical Information Security Lead (TISL)

Primary Responsibilities

Business Partnership and Advisory

• Serve as a primary risk advisor to technology and product teams; translate security risks into business impact and actionable recommendations.
• Participate in planning forums, product roadmaps, and program governance to ensure security is included early (shift-left).
• Translate enterprise security policies into practical, business-aligned guidance and manage exception handling; escalate material risks to leadership when appropriate.
• Engage platform and delivery teams early to embed security and compliance in strategies and designs; facilitate informed risk response decisions.

Risk Assessment and Governance Support

• Maintain prioritized risk registers with clear ownership; drive risk response decisions with accountable owners and delegated approvers.
• Conduct and document risk assessments (e.g. applications, cloud services, infrastructure, platforms, data and artificial intelligence, and third parties) and gap analyses aligned to enterprise policies and applicable regulations.
• Recommend and help implement risk-based security controls, compensating measures, and remediation plans tailored to operational contexts.
• Track remediation to closure and provide periodic risk reporting, highlighting residual risk, trends, and material escalations.

Technical Risk Management and Cybersecurity

• Review architecture, design, and operational controls for systems, applications, cloud environments, and enterprise platforms; identify opportunities to strengthen resilience.
• Partner with solution and platform owners to validate guardrails and control effectiveness, including identity and access management, segregation of duties, configuration baselines, change and release, backup and recovery, and integration security.
• Support incident investigations and coordination with the Cyber Fusion Center; identify root causes and drive corrective actions.

Program Execution and Standards

• Support development and operationalization of security standards, policies, reference architectures, patterns, and guardrails; enable reusable and automated controls where feasible, aligning with NIST and ISO frameworks
• Participate in assurance activities such as control testing, audits, and compliance assessments and support remediation efforts.
• Monitor emerging technologies and regulatory changes, including cloud, data, artificial intelligence, and platform governance; evaluate impacts and update standards and guardrails accordingly.

Stakeholder Engagement and Awareness

• Collaborate with risk, technology, and business stakeholders to promote a risk-aware culture and practical security behaviors across technology divisions
• Deliver targeted security awareness and training for technology division teams, tailored to their roles and operational processes.
• Act as a subject-matter expert in cross-functional working groups and project teams.

Qualifications

Education and Certifications

• Bachelor s degree in information technology, cybersecurity, computer science, or related field (or equivalent experience).
• Relevant security or risk certifications preferred (CISSP, CISM, CISA, CRISC, GSEC) but not required.
• Project management and data governance, data science or privacy credentials are beneficial.

Experience

• Experience in cybersecurity, IT risk management, IT compliance, IT audit, or related fields.
• Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
• Practical experience with cloud, application, platform, software delivery, AI or data and analytics security.
• Experience with SDLC and agile/DevOps practices, integrating security controls into CI/CD pipelines
• Experience in regulated industries is preferred but not mandatory.

• Skills and Competencies
• Technical depth in security controls, threats, vulnerabilities, and mitigation strategies across technology, platforms, AI and data.
• Strong business acumen with the ability to explain technical risk in business terms and produce clear, actionable recommendations.
• Proven problem-solving and analytical skills; able to prioritize based on risk and value.
• Strong stakeholder management and communication skills; able to influence without formal authority.
• Comfortable working independently and within cross-functional teams; adaptable in a fast-paced environment.
• High emotional intelligence and a collaborative mindset.