GRC Cyber Security Supervisor

The Cyber GRC Supervisor reports to the CISO and oversees a team of Information Security Analyst I, II, and III roles specializing in the governance, risk, and compliance of an information security program. This supervisory role oversees and coordinates ICCUs cyber related assessments, audits, and regulatory exams, supervises and oversees ICCUs cyber awareness program, has supervisory responsibility over ICCUs cyber risk management program, oversees and manages ICCUs vulnerability management program, and oversees ICCUs body of governance related to information security and IT controls. The Cyber GRC Supervisor works with the CISO and other leaders to set priorities in support of the ICCU Information Security Program.

Duties and Responsibilities:

• Manage, oversee, and prioritize the ICCU cyber audit and assessment calendar, including external audits and assessments, internal audits and assessments, third party risk assessments, and regulatory exams.
• Coordinate and engage with regulatory examiners from the Idaho Department of Finance, the National Credit Union Administration (NCUA), and the federal Consumer Financial Protection Board (CFPB).
• Oversees and conducts functional information security assessments to identify cyber control gaps and weaknesses in critical functions such as digital banking, online account opening, change management, vulnerability management, asset management, systems administration, third party cyber risk management, identity and access management, and other critical information or technology areas.
• Coordinate, conduct, and oversee governance, risk, and compliance as it pertains to regulatory and industry cyber security frameworks, including the NIST Cyber Security Framework (CSF), FFIEC regulatory frameworks, the Payment Card Industry Digital Security Standard (PCI-DSS), CIS Critical Controls, FedLine, Swift, and others.
• Chairs or delegates chair of ICCUs PCI committee and participates in other committees or boards that are pertinent to the governance, risk, and compliance of a multi-billion-dollar financial institution.
• Oversees and administers ICCUs vulnerability management program, including the oversight and administration of key vulnerability management and security rating systems such as Tenable and Bitsight.
• Reports on the state of vulnerabilities, collaborates with other leaders on vulnerability management strategy, and coordinates the mitigation of vulnerabilities with appropriate teams.
• Leverages subject matter expertise with common audit and assessment techniques to identify cyber control gaps and weaknesses within ICCUs information systems and technology environments.
• Provides oversight and guidance over ICCUs Information Security Program, including policy, procedures, and related governance. Ensures that ICCUs technology governance is germane and compliant with the contemporary needs of a regulated financial institution.
• Leverages all components of GRC to oversee and produce annual enterprise cyber risk assessments.
• Conducts and oversees high and critical risk as it pertains to Third Party Risk Management functions.
• Oversee and conduct ICCUs cyber awareness program, including conducting and coordinating credit union wide team-member training, membership training, executive and leadership training, and departmental training.
• Supervises and oversees the development, training, and growth of cyber GRC team-members.
• Ensures that budgets are properly managed and adhered to, and deadlines are met.
• Maintain strong familiarity with technical and industry developments.
• Other duties and projects as assigned.

Qualifications:

• A Bachelor’s Degree in Computer Science, information Security, Information Assurance, Computer Information Systems, or similar field is required.
• A Master’s Degree in IT Governance and Management, Risk and Compliance, Business Administration, or similar is preferred.
• An ISC2 CISSP or equivalent certification or training is required.
• An ISACA CISM, CISA, PCI-QSA, or equivalent certification is strongly preferred.
• Candidates should have at least 6 years of relevant experience combined with excellent leadership, communication, judgement, and organizational skills and a proven track record of both leading a team and building out policies, procedures, and governance, compliance, and risk management functions. Prior experience managing Cyber / Information Security GRC is preferred.
• Candidates should have extensive experience with cyber audit and controls, and at least 3 years’ experience auditing or overseeing cyber regulatory and compliance frameworks such as PCI, NIST, CIS, CMMC, FFIEC, ISO, or similar.
• Candidates will have substantial experience overseeing and administering an enterprise vulnerability management program and using common vulnerability management platforms.
• Candidates must be familiar with corporate IT infrastructure, systems, and processes, and have a holistic understanding of an IT security and control program.
• Candidates will have 2 years’ experience managing and overseeing an enterprise-wide cyber awareness program.
• Candidates will have substantial experience in project management and project leadership.
• Excellent oral and written communication skills and an ability to work independently are required.

Performance Standard:

A broad knowledge of technology, information management, hardware, software and programs. Ability to learn quickly, contribute to a team effort and work on multiple, time-critical projects simultaneously. Logical, process-oriented thinker with a natural sense of urgency. Ability to lead complex IT projects. Strong interpersonal and client-handling skills with the ability to manage expectations and explain technical details. Must be willing to comply with the Bank Secrecy Act and USA Patriot Act as implemented by Idaho Central Credit Union.

Physical Requirements:

• Perform tasks requiring manual dexterity (processing paperwork, filing, stapling, sorting, collating, typing, counting cash, etc.).
• Sit for extended periods of time.
• Lift 20-40 pounds of applicable supplies including but not limited to copy paper, cash drawers, marketing material, etc.
• Repetitive motion using wrists, hands, and fingers.
• Reach keyboards.
• Ability to operate basic office machines (calculator, computer, telephone, copy machine, fax machine, etc.).

The above statements reflect the general details considered necessary to describe the essential functions of the job and should not be construed as a detailed description of all the work requirements that may be inherent of the job.

Must be eligible for membership at Idaho Central Credit Union to obtain employment.

Idaho Central Credit Union is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, age, disability, protected veteran status or other characteristics protected by law.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.