What are the responsibilities and job description for the INFORMATION SECURITY RISK MANAGER position at Careers at Stock Yards Bank & Trust Co.?
As the Information Security Risk Manager, you will be responsible for developing, implementing, and managing the bank's technology governance, risk, and compliance (GRC) program. This role demands a strategic thinker with a deep understanding of information security, risk management, and regulatory compliance. The successful candidate will ensure that the bank's security, compliance, and risk management strategies for technology align with its business objectives and regulatory requirements. You will work closely with management, IT, and other stakeholders to create a secure and compliant banking environment.
Responsibilities
Daily responsibilities include, but are not limited to, the following:
Governance:
- Develop, implement, maintain, and advance the bank's information security governance framework.
- Establish and enforce policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
- Ensure alignment of security governance with the bank's overall business strategy and goals.
Risk Management:
- Conduct comprehensive risk assessments to identify, analyze, and evaluate security risks and vulnerabilities.
- Develop risk mitigation strategies and action plans.
- Monitor and report on the effectiveness of risk management initiatives.
- Coordinate with internal and external auditors to ensure compliance with risk management policies and procedures.
- Maintain a risk register to document identified risks, controls, and remediation activities.
- Perform continuous monitoring of the risk landscape and adjust risk management strategies accordingly.
- Lead third-party risk management efforts, including vendor risk assessments and due diligence.
Compliance:
- Ensure the bank's adherence to relevant regulations and frameworks, such as GLBA, PCI DSS, SOX, the CIS Controls, and others.
- Develop and maintain a compliance program to monitor and enforce regulatory requirements.
- Liaise with regulatory bodies and ensure timely and accurate reporting of compliance matters.
- Conduct regular compliance audits and assessments to identify and proactively address any gaps.
- Maintain an up-to-date understanding of regulatory changes and their impact on the bank's operations.
- Collaborate with legal and regulatory teams to interpret and implement new regulations.
- Update and deliver security awareness training programs for employees.
- Promote a culture of security awareness and compliance across the organization.
Leadership and Collaboration:
- Serve as a mentor to a team of security and risk management professionals.
- Collaborate with cross-functional teams, including IT, legal, and business units, to ensure a cohesive security and risk management approach.
- Provide regular updates to management on the status of the GRC program.
- Foster a collaborative and inclusive work environment that encourages innovation and continuous improvement.
- Special projects and additional duties as requested by management.
Other Functions:
- Keep abreast of changes in banking regulations, cybersecurity threats, FDIC/FFIEC standards, and privacy laws and regulations.
- Complete information security projects and implement new tools.
- Research new data security trends, keep up-to-date with current events and new threats in data security, and participate in relevant training courses.
- Assist Internal Audit with IT-related audits.
- Perform due diligence reviews of key new vendors and make meaningful recommendations on whether the new vendor meets the bank’s data security standards.
- Perform due diligence reviews of new products and services and make meaningful recommendations to improve data security needs.
Job Requirements
The successful candidate will have the following qualifications:
- BS/BA in a related field or equivalent experience.
- Minimum of 5 years of related experience, preferably within a regulated industry.
- Ability to interact with all levels of Bank personnel.
- Strong analytical skills with the ability to research and investigate.
- Ability to work independently in a multi-task environment with deadlines and a sense of urgency.
- Ability to explain technical terms to all levels of management and staff and to develop good working relationships with a commitment to excellent customer service.
- Strong planning and organizational skills.
- Familiarity with the CIS Controls framework and GRC platforms.
- CISSP, CISM, CRISC, CISA, GCCC, or other related certification(s) preferred.
Benefits
- 401(k) with a company match of up to 6%
- ESOP employer match
- Medical insurance
- Dental insurance
- Vision insurance
- Cancer / Disease insurance
- Accident insurance
- Flexible Spending Accounts
- Health Savings Accounts
- Bank paid Life / AD&D insurance
- Voluntary Life / AD&D insurance
- Bank paid Short-Term and Long-Term Disability insurance
- Employee Stock Purchase Plan
- Employee Assistance Program
Physical Requirements
The physical demands described here are representative of those that must be met by an employee in order to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the functions of this job, the employee will continually communicate with coworkers or customers. The employee will constantly position themselves to sit or stand, and occasionally move around the office to access filing cabinets or office machinery. The employee will constantly operate a computer, using repetitive movements of hands and fingers, and other office productivity machinery, such as a calculator, copy machinery, and computer printer. The employee will frequently identify, observe, and assess materials and information, visually or otherwise. The employee will frequently be required to lift or carry up to 10 pounds, and occasionally be required to lift or carry 11 – 50 pounds, with assistance if needed.
Employees must also have the ability and means to travel as necessary for attending training, meetings, and other various business functions.