PRIMARY PURPOSE: Provide leadership through the operationalization of an information security governance, risk, and compliance program as a member of line one (Three Lines Model) that is accountable for identifying, evaluating, monitoring, reporting, and managing information security risks to enable business outcomes and meet compliance and regulatory requirements.
ESSENTIAL FUNCTIONS include the following. Other duties may be assigned.
- Develop and implement an information security risk framework that incorporates qualitative and quantitative aspects, provides visibility and management of cyber risks, and wholly represents cybersecurity risk aligned with the Wings enterprise risk management office.
- Lead information security programs and activities including IT governance, compliance, risk management, third party risk management, security education and awareness, and data privacy.
- Lead and facilitate information security risk and governance program activities such as risk assessments, risk exceptions, risk ratings, business risk consultations, risk mitigation and remediation recommendations, monitoring, and capability maturity assessments.
- Develops and maintains information security policies and standards.
- Coordinate with internal and external auditors and regulators to facilitate audits and IT exams with the goal of assuring compliance and addressing potential issues proactively.
- Assist in the development communication and of information security risk metrics and related tolerances.
- Mentors, develops, and oversees the activities undertaken by the information security governance, risk, and compliance analyst.
- Establish metric monitoring reports and develop analysis and reporting to identify and communicate risk insights.
- Lead the documentation and updating of information security issues within the GRC platform.
- Monitor current and proposed security changes impacting regulatory privacy and security industry best practice guidance.
SUPERVISORY RESPONSIBILITIES: Directly supervises one or more employees within the Information Security Office. Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
QUALIFICATIONS:
- Bachelor's degree in Cybersecurity, Information Systems, or equivalent.
- Eight (8) or more years of experience in a cybersecurity or governance, risk, and compliance role.
- Experience working in financial services industry.
- Industry certification highly desirable (ex: CISA, CRISC, CISSP, CGRC, CIPP, or similar).
- Understanding of standards, frameworks, and financial services regulations (including GLBA, NCUA, CFPB, PCI, NIST CSF, etc.) and internal audit processes.
- Being self-motivated and having a high attention to detail are a necessity.
- Individual must be able to work in a team environment, have strong problem-solving skills, and be able to independently learn on-the-go.
- Strong meeting facilitation skills.
- Ability and desire to teach and coach staff to reach their full potential and to assist departmental manager on educating their staff.
- Ability to manage multiple tasks and deadlines simultaneously.
- Tremendous relationship skills with ability to work with key players in other departments effectively.
- Consistently use strong written, presentation, and analysis skills and show an active desire for continuous improvement in these areas.
- Act as a key collaborative resource with business leadership and technology teams for routine issues and project-related requirements.
- Manage and maintain vendor relationships with all levels of support.
- Continuous learner striving for continuous self-improvement.
- Bondable
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Pay Range: $125k-$158k plus 15% annual target bonus. The estimated hiring range is the budgeted amount for this position. Final offers are based on various factors including skill set, experience, location, qualifications, and other job-related reasons.
BENEFITS:
- Generous 401(k) match
- 401k Discretionary Profit Sharing
- Health Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term and Long Term Disability
- Health Savings Account with company contribution
- Employee Assistance Program
- Paid Vacation, Sick, Floating Holidays, and Volunteer Time Off
- Paid Holidays
- Tuition Reimbursement
- Paid Parental Leave
Required Experience:
Manager