Information/Cyber Security Risk Officer

Job Location

Tacoma, WA - USA

Yearly Salary

$112,991 - $169,491

Vacancy

1 Vacancy

Job Description

Heritage Bank has an exciting opportunity to join our organization!

We are seeking an Information/Cyber Security Risk Officer to join our Compliance team. The information/cyber security risk officer is responsible for executing the tactical and operational elements of the bank's information and cyber risk management program. This position leads day-to-day risk oversight activities across cybersecurity, information security, third-party/vendor risk, data governance, and business continuity planning (BCP).

Geographical location for this position is Tacoma, Washington, at the Southern Operations Center. Depending on experience and qualifications, other locations within Heritage Bank's footprint (WA, OR, ID) may be considered.

Base Salary Range:

$112,991.00 - $141,236.00 - $169,491.00 annual

The Role at a Glance:

  • Leads governance activities to ensure security, vendor, data, and business continuity risks are effectively mitigated while maintaining and aligning control frameworks with industry best practices and regulatory requirements.
  • Builds and maintains strong working relationships across all lines of business to include IT operations and compliance to actively foster a risk-aware culture.
  • Assists with the identification, assessment, mitigation, and monitoring of cybersecurity and information security risks across the enterprise and contributes to risk registers and incident trend analyses.
  • Oversees IT control assessments, gap analyses, and control testing, ensuring appropriate documentation and remediation planning.
  • Collaborates with procurement and vendor management partners to ensure all third-party and outsourced service providers undergo risk assessments in alignment with third-party risk guidance and requirements.
  • Partners with data governance and compliance programs to ensure security classification, handling, retention, and access controls over sensitive and regulated data are enforced and operating (e.g., customer PII, NPI, financial records).
  • Acts as the primary liaison with internal and external audit teams and regulatory examiners for all cybersecurity and third-party risk-related reviews. Ensures effective coordination, clear communication, and timely resolution of audit findings, regulatory inquiries, and identified issues.
  • Supports ongoing vendor risk monitoring activities to include risk rating, annual reassessments, and reporting of vendor performance.
  • Supports the development, testing, and maintenance of business continuity and disaster recovery plans for critical systems and operations.
  • Coordinates and supports tabletop and full-scale exercises, tracks remediation actions, and contributes to program maturity assessments.


Core Skills and Qualifications:

  • Bachelor's degree in Cybersecurity, Information Systems, Risk Management, or related field required.
  • 5 years of recent and progressive knowledge and experience in an information security and/or risk management role within a financial services or community bank environment required.
  • Ability to quickly grasp and understand the Bank's business and strategic goals and objectives required.
  • Professional certifications as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or equivalent preferred.
  • Equivalent combination of education, training, certifications, and/or relevant work experience in a senior or lead capacity may be considered.
  • Provide an exceptional level of service for internal and external customers with the ability to build and maintain positive professional relationships to successfully interact with and influence all levels of management and functional and cross-functional areas across the organization.
  • Highly effective listening, verbal, written, and telephone etiquette business communication skills, including effective questioning strategies, negotiation, and presentation skills, to communicate security-related concepts in a variety of settings to a broad range of technical and non-technical staff, with the ability to act as a bridge between IT and business process owners. Ability to read, write, speak, and understand English well.
  • Strategic in approach to problem solving and decision-making with demonstrated ability to quickly focus on key issues and make decisions under pressure of time constraints.
  • Strong knowledge of regulatory frameworks (e.g., FFIEC, GLBA, PCI-DSS, SOX, HIPAA, etc.) and in-depth understanding of NIST CSF, ISO 27001, COBIT, COSO, and vendor risk management frameworks.
  • Strong understanding of information and cyber security concepts, including encryption, access controls, network security, security operations, security architect, threat modeling, and design.
  • Thorough knowledge and understanding of related statutory banking compliance regulations issued by the FDIC, FinCEN, and Federal Reserve Board, with strong knowledge of privacy laws such as GLBA and SOX.
  • Strong planning, organizational, time management, and follow-up skills, demonstrating a strong sense of urgency and ability to execute quickly, timely, and efficiently; independently ensuring that priorities are set and commitments and deadlines are met with minimal direction and oversight.
  • Advanced working knowledge and experience in information security assessment and auditing procedures, both technical and business perspectives, using formal methodologies such as NSA IAM, vulnerability scanning and auditing tools, enterprise-scale network and host-based IDS architectures, firewall architectures, computer investigation and forensics methods and technologies, and secure messaging architectures required.
  • Unquestionable integrity in handling sensitive and confidential information required.
  • Proficient and advanced use and understanding of MS Office products (Word, Excel, Outlook) with the ability to adapt to and learn new technologies quickly.

Work Environment/Conditions:

  • Climate controlled office environment.
  • Work involves being able to concentrate on the matter at hand under sometimes distracting work conditions and frequent employee and customer contacts and interruptions during the day.

Physical Demands/Effort:

  • Work may involve the constant use of computer screens, reading of reports, and sitting throughout the day.
  • Ability to operate a computer keyboard, multi-line telephone, photocopier, scanner, and facsimile, which often requires dexterity of hands and fingers with repetitive wrist and hand motion.
  • Typically sitting at a desk or table; intermittently standing, stooping, bending at the waist, walking, climbing, kneeling, or crouching to file materials.
  • Occasional lifting up to 20 lbs. (files, boxes, etc.).

At Heritage Bank, we work hard, but we also know how important it is to take time off to stay healthy, relax, and spend time doing what makes your heart happy!

As part of our team, you'll enjoy a total rewards package which includes base salary based on the role, experience, and skill set, along with an exceptional benefits package (medical, dental, vision, life insurance, 401(k), community volunteer time) and generous time off policy. Full-time team members receive a minimum of 10 paid vacation days annually* and eight hours of paid sick leave per month* while also enjoying 11 paid holidays each calendar year and an annual float day. *Pro-rated from start date and/or hours worked. To view Benefits Summary: Apply > Current Openings > position > attachment.

The above statements are intended to describe the general nature and level of work being performed and are not an exclusive list of all qualifications for this position.

Heritage Bank is an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other basis protected by applicable law.

Job applicants have certain legal rights. Please click here for information regarding these rights.

If you need assistance completing the online application please email:

Salary Range Disclaimer

The base salary range represents Heritage Bank's current salary range for the position. Actual salaries will vary depending on factors including, but not limited to, qualifications, experience, and job performance. The range listed is just one component of Heritage Bank's total compensation package for full-time and part-time employees. Depending on position, other total compensation rewards may include monthly, quarterly, or annual incentive and/or bonuses.


Required Experience:

Unclear Seniority

Employment Type

Full-Time
