Information Security Risk Manager

Job Location: Sandy, OR - USA

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Please reference the schedule and minimum qualifications listed below before applying.

If you need assistance with filling out our application form, or during any phase of the application, interview, or employment process, please notify our Human Resources Team at (option 1) or by email, and every reasonable effort will be made to accommodate your needs in a timely manner.

Job Summary

The Information Security Risk Manager (ISRM) position requires a seasoned risk professional with strong knowledge of risk management, control testing and assurance, cybersecurity, and information technology best practices. This role involves managing, guiding, and training a team to oversee IT and information security risk and controls assurance efforts. The ISRM is responsible for assisting in the design, implementation, monitoring, testing, reporting, and governance of the second-line information security risk management framework, and for managing a team to ensure that information assets and the associated technology, applications, systems, infrastructure, and processes are protected. Strong leadership skills, a deep understanding of information security risks, and the ability to effectively communicate and implement risk management strategies are required.

Job Description

To be effective, an individual must be able to perform each job duty successfully.

  • Assist the VP Information Security Officer (VP ISO) in monitoring and continuously improving a risk-based, comprehensive enterprise security program across all IT and cybersecurity risk domains, including cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience.
  • Direct team members in the design and performance of quarterly IT risk assessments and testing of controls across all IT and cybersecurity risk domains, to ensure that appropriate controls are in place and effective, and that any findings are reported.
  • Train 2nd-line Information Security Risk team members in testing strategies and in documenting IT and information security controls assessments.
  • Direct the team in monthly reporting of reportable incidents, risk assessments, metrics / KRIs, and control validation results.
  • Manage the team in quality assurance (QA) reviews and intake of IT and information security:
    • Issues for the Issues Management program
    • Exceptions for the Exceptions Management program
  • Review and provide guidance on 1st-line IT and information security metrics/KRIs, policies, procedures, standards, and controls.
  • Lead the team in managing and coordinating 3rd-party assessments, including regular penetration testing and social engineering testing.
  • Assist in the buildout of Archer GRC information security solutions to improve the efficiency and effectiveness of governance, risk, and control activities. Ensure control procedures are accurately documented, maintained, and mapped to control standards (e.g. NIST SP 800-171, NIST CSF, etc.).
  • Review and provide guidance on 1st-line IT Security handling and reporting of security incidents. Coordinate reporting to the NCUA and other entities as required for reportable incidents.
  • Guide the 2nd-line Information Security Risk team in assisting MACU business units to prepare for regulatory exams (e.g. NCUA, CFPB, etc.) and to improve the organization's risk posture.
  • Develop relationships and partner with business stakeholders across the company, including IT, IT Security, Digital Solutions, Risk, and Compliance, to influence decision makers and raise awareness of risk management concerns.
  • Provide training in risk identification and risk mitigation strategies in the information security and technology domains.
  • Balance the protection of information assets and IT risks against the needs of the business and organizational priorities.
  • Use AI and develop AI prompts to automate and improve manual tasks.
  • Perform other duties as assigned.

KNOWLEDGE SKILLS and ABILITIES

The requirements listed are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

Experience

  • 6 years of relevant experience in information security and risk management.
  • 3 years of designing tests of controls (test of design and test of effectiveness), training teams on documenting testing, QA reviewing (attention to detail and accuracy), summarizing results, and presenting to executives. IT audit experience is a plus.
  • 2 years in a direct leadership capacity overseeing IT security, IT audit, or IT risk (or a similar role).
  • Working knowledge of cloud security platforms and services, including an understanding of current security offerings from leading cloud service providers (e.g. AWS/Azure) and their applicability to securing a SaaS enterprise security environment.
  • Experience in the evaluation and assessment of industry-standard, enterprise-wide information security technologies and concepts, including but not limited to: Application Security, Cloud Security (Azure, AWS, etc.), Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management, and Identity and Access Management.
  • Clear understanding of relevant information security governance, technical and security standards, and regulations.
  • Familiarity with industry and regulatory security standards, including FFIEC, NIST CSF / 800-53 / 800-171, SOC 2, ISO 27001, and ISO 27018, as well as current data privacy regulations, including GDPR and regional standards.
  • Knowledge of networking and network security.
  • Understanding of Secure SDLC and DevSecOps or security automation.

Education

Bachelor's degree in Information Security, Computer Science, Information Management, Business, or a related field, OR 2 additional years of combined experience in an information technology, risk, or information security setting. Education must be from an accredited institution and will be verified.

Licenses, Certifications, Registrations

At least one of the following certifications:

  • CISSP
  • CISM
  • CISA, or equivalent (preferred)

Managerial Responsibility

Has leadership/managerial responsibilities that are direct or exercised through work leaders or assistants, typically with a subordinate group of 3 to 10 employees. Estimates personnel needs and assigns work to meet those needs. Supervises, coordinates, and reviews the work of assigned staff. Recommends candidates for employment, conducts performance evaluations and salary reviews for assigned staff, and applies company policy.

Computer/Office Equipment Skills

  • Advanced skills with the Microsoft Office Suite, including Outlook, Word, PowerPoint, and Excel (including the use of advanced formulas, graphs, and charts).

Language Skills

  • Demonstrated ability to clearly communicate verbally and in writing. Excellent report writing and QA / detail review skills for an executive audience.
  • Demonstrated ability to read and follow instructions.

Other Skills and Abilities

  • Demonstrated excellent customer service skills.
  • Proactively solves problems, actively improves processes, and creates efficiencies.
  • Professional; exercises personal discretion and independent judgement.
  • Adaptive to change; responds positively to altered circumstances or conditions.
  • Excellent interpersonal skills, including the ability to lead and collaborate with multiple teams.
  • Possesses a desire and willingness to learn and to continually update knowledge of financial concepts, strategies, systems, etc.
  • Excellent at team building and motivating people. Skilled at accomplishing goals through others. Proficient at being a teacher, mentor, and coach.
  • Strong collaborative problem-solving skills that demonstrate the ability to gather and analyze information and to identify and resolve issues or improve processes in a timely manner.

PHYSICAL ABILITIES / WORKING CONDITIONS

Physical Demands

Ability to sit, talk, and hear consistently.

Ability to stand, walk, and use hands to handle or reach occasionally.

Vision Requirements

Close vision (clear vision at 20 inches or less)

Distance vision (clear vision at 20 feet or more)

Weight Lifted or Force Exerted

Ability to lift up to 25 pounds occasionally; may need to lift up to 40 pounds.

Environmental

There are no unusual environmental factors (typical office environment).

Noise Environment

Moderate noise (business office with computers and printers, light traffic).

This job is not eligible to be performed in Colorado or Connecticut, either remotely or in person.

Mountain America Credit Union is an EEO/AA/ADA/Veterans employer.

Required Experience: Manager

Employment Type: Full-Time