Jobs · Information Technology · Tennessee

Portfolio Information Security Officer

Asurion · Nashville, TN · Yesterday
On-siteInformation TechnologyFull-time

Key Responsibilities

  • Business Unit Security Leadership: Own the security relationship for assigned portfolios; participate in business planning and governance; ensure leaders understand current and emerging risks, control gaps, remediation obligations, and risk acceptance decisions; connect enterprise security functions with business and technology teams to align priorities to outcomes.
  • Cyber Risk Advisory and Prioritization: Advise on remediation prioritization, compensating controls, exceptions, and formal risk acceptance; assess findings based on likelihood, impact, exploitability, regulatory exposure, operational criticality, and customer impact; develop practical risk treatment plans; present time-bound risk acceptance recommendations with accountable ownership; escalate material risks to appropriate governance forums.
  • Application Architecture and Engineering Reviews: Provide technical security advisory for application architecture, cloud deployments, integrations, APIs, identity patterns, and third-party connectivity; partner with enterprise architecture, engineering, DevOps, cloud, and infrastructure teams to identify risk early; evaluate authentication, authorization, data protection, encryption, logging, segmentation, resilience, secrets management, secure configuration, and vulnerability exposure; ensure alignment to enterprise standards, secure SDLC, and regulatory requirements.
  • Risk Reporting and Governance: Produce business-unit-specific cyber risk reporting covering key risks, control gaps, remediation progress, exceptions, vulnerabilities, audit/regulatory issues, and emerging threats; deliver regular updates to business leaders and contribute to consolidated executive reporting; translate technical issues into clear business impact statements and decision materials; track commitments, risk acceptances, and issue closure.
  • Security Program Alignment: Drive adoption of enterprise capabilities and standards (e.g., vulnerability management, third-party risk, IAM, data protection, cloud security, incident response, threat management, awareness, secure development); identify gaps between policy and implementation; provide feedback to central security teams; support regulatory, audit, and compliance activities; partner with security architecture, GRC, risk, privacy, legal, compliance, and technology teams.
  • Incident, Threat, and Emerging Risk Support: Provide business context during incidents and investigations; advise leaders on exposure, remediation urgency, operational impact, and communications; lead post-incident risk reviews and ensure lessons learned inform sustainable control improvements.

Education and Experience

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, Risk Management, or related field, or equivalent practical experience.
  • 10+ years across information security, technology risk, application security, infrastructure, cloud security, security architecture, engineering, or related disciplines.
  • 5+ years influencing senior technology, engineering, risk, or business stakeholders.
  • Demonstrated experience advising on cyber risk, control gaps, risk acceptance, remediation prioritization, and executive-level risk reporting.
  • Experience reviewing application, system, or platform designs for security risk and translating technical issues into business risk language for executives.

Preferred

  • Experience as a PISO/BISO or in security architecture, technology risk, or senior security advisory roles;
  • Regulated industry experience (e.g., financial services, healthcare, insurance, technology, critical infrastructure);
  • Familiarity with frameworks such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls, COBIT, FAIR;
  • Relevant certifications (e.g., CISSP, CISM, CRISC, CCSP, CISA, SABSA, AWS/Azure security credentials).

Knowledge, Skills, And Abilities

  • Broad technical fluency across application security and secure SDLC, cloud security architecture, IAM, infrastructure and network security, data protection and encryption, API and integration security, vulnerability management, DevSecOps and CI/CD, logging/monitoring/detection controls, third-party risk, resilience and continuity.
  • Strong risk judgment; ability to distinguish theoretical risk from material business risk and compliance exposure, and to recommend pragmatic treatments aligned to risk appetite.
  • Executive communication skills with the ability to prepare concise, decision-oriented materials and influence without direct authority.
  • Business acumen to connect security posture to strategy, revenue, operations, and customer impact.
  • Relationship management and prioritization skills to focus teams on the most impactful risks under resource constraints.
  • Ownership mindset to drive issues to closure, maintain accountability, and ensure transparent, time-bound risk decisions.

Similar jobs

Security Officer

Lifepoint Health®Hancock, MI· 2 wk ago
Information Technologyapply on jobs.lifepointhealth.net

Security Officer

Securitas Security Services USA, Inc.Solway, MN· 1 wk ago
Information Technology$17/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Securitas Security Services USA, Inc.Auburn Hills, MI· 1 wk ago
Information Technology$20/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Pacific SecurityMoses Lake, WA· 2 wk ago
Information Technology$17.5–$18.5/hrapply on pacsecurity.exacthire.com

Security Officer

Prairie MeadowsAltoona, IA· 2 wk ago
Information Technology$20/hrapply on workforcenow.adp.com

SECURITY OFFICER

Oneida HealthOneida, NY· 2 wk ago
Information Technologyapply on paycomonline.net