What are the responsibilities and job description for the Risk Management - Information Risk Management Specialist position at Golden 1 Credit Union?
TITLE: INFORMATION RISK MANAGEMENT SPECIALIST
STATUS: EXEMPT
REPORTS TO: MANAGER - INFORMATION RISK
DEPARTMENT: RISK MANAGEMENT
JOB CODE: 11812
PAY RANGE: $83,900.00 - $105,000.00 ANNUALLY
GENERAL DESCRIPTION:
The Information Risk Management Specialist is responsible for utilizing the Credit Union’s information risk management framework to identify, assess, measure, monitor and help mitigate the information risk relevant to Golden 1’s people, processes, and technologies. The role works closely with both business and technical stakeholders across the organization to evaluate current controls, policies, and procedures, identify necessary corrective actions to mitigate risk, and ensure alignment with the Credit Union’s risk appetite and the Enterprise Risk Management framework.
TASKS, DUTIES, FUNCTIONS:
1. Perform risk and control assessments using the Information Risk Management Framework, and analyze information (e.g., risk events, root cause analysis, audit findings, KRIs/KPIs, etc.) to identify process and control improvement opportunities, and effective mitigation strategies.
2. Collect and analyze data from information risk management work products, performance metrics, and stakeholder feedback to continuously improve the program.
3. Write clear, concise, and high-quality reports to share identified information risks at all levels of the business.
4. Assist with and support Information Technology Governance, Risk, and Compliance and Information Security team risk assessments and practices, as needed.
5. Work with internal business partners to identify and/or define area-specific quantitative and qualitative key information risk and performance indicators.
6. Support Issue Management processes for assessment and audit findings relevant to information risk, including issue entry, reporting, evidence collection and review for closure activities.
7. Foster a culture of trust, respect, and open communication so that all employees feel welcome to ask questions, share feedback, and support the mission.
8. Provide information risk advisory services to business stakeholders on policies and internal controls to manage information risk exposures in day-to-day operations.
9. Tactfully yet assertively challenge assumptions and perspectives on information risk throughout the organization. Recommend improvements to policies, procedures, and practices to mitigate information risk.
10. Contribute to risk committee materials, including creating and updating information risk management reports and presentations on the evaluation of the level and direction of risks, key and emerging risks, and status of previously identified risk and control issues.
11. Perform other duties as required to support Enterprise Risk Management and the business, such as developing ad-hoc analysis, performing deep dive investigations, or driving specific risk initiatives.
12. Maintain a thorough understanding of state and federal laws and regulations related to the security of credit union information; maintain knowledge of current cybersecurity standards and frameworks, practices, and technologies.
PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS:
1. Outstanding oral, written, and presentation skills required.
2. Strong interpersonal and diplomacy skills required. Must have the ability to run productive meetings and interact with various staff.
3. Excellent prioritization skills to effectively conduct and manage multiple priorities and meet deadlines as required.
4. Must possess sufficient manual dexterity to skillfully operate an on-line computer terminal and other standard office equipment, such as a personal computer, multifunction printer, and telephone.
ORGANIZATIONAL CONTACTS & RELATIONSHIPS:
1. INTERNAL: All levels of staff and management, including senior and executive-level leadership.
2. EXTERNAL: Certain vendors and contractors aiding Information Risk Management as needed.
QUALIFICATIONS:
1. EDUCATION:
a. Bachelor’s degree from an accredited college or university in communications, computer science, or related field.
2. EXPERIENCE:
a. Three or more years of experience in analyzing and assessing information security risk.
b. Five or more years of technical experience in information technology or information security.
3. KNOWLEDGE / SKILLS:
a. Exceptional written and verbal communication skills to effectively communicate risk and technical concepts to non-technical audiences.
b. Knowledge of information security control frameworks such as NIST 800-53, ISO/IEC 27001, or CIS Critical Security Controls.
c. Knowledge of risk management models such as NIST 800-30, NIST 800-39, COSO, ISO/IEC 31000, or ISO/IEC 27005.
d. Knowledge of risk management processes (e.g., methods for identifying, analyzing, assessing, and mitigating risk).
e. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
PHYSICAL REQUIREMENTS:
1. Prolonged sitting throughout the workday with occasional mobility required.
2. Corrected vision within the normal range.
3. Hearing within normal range. A device to enhance hearing will be provided if needed.
4. Occasional movements throughout the department daily to interact with staff, accomplish tasks, etc.
LICENSES / CERTIFICATIONS:
Relevant risk management certifications or credentials are beneficial but not required.
#LI-Hybrid
THIS JOB DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THIS EMPLOYEE. HE OR SHE WILL BE REQUIRED TO FOLLOW OTHER INSTRUCTIONS AND TO PERFORM OTHER DUTIES REQUESTED BY HIS OR HER SUPERVISOR THAT ARE WITHIN HIS / HER KNOWLEDGE, SKILL AND ABILITY AS WELL AS HIS / HER MENTAL AND PHYSICAL ABILITIES.
REV. 2/25/2025