Threat Oversight Officer

Heritage Bank


Job Location:

Portland, TX - USA

Yearly Salary: $100884 - $151326
Posted on: 10 days ago
Vacancies: 1 Vacancy

Job Summary

Heritage Bank has an exciting opportunity to join our organization!


We are seeking a Threat Oversight Officer to join our Compliance team. The threat oversight officer critically reinforces the organization's second line of defense (2LoD) framework and is responsible for providing independent oversight, rigorous challenge, and governance of cybersecurity risk across the bank while ensuring cybersecurity risks are identified, assessed, monitored, and reported in alignment with the bank's risk appetite, regulatory obligations (GLBA, FFIEC, OCC/FDIC), and industry best practices.

The geographical location for this position is Tacoma, WA; Seattle, WA; Spokane, WA; Portland, OR; or Eugene, OR.

Base Salary Range:

$100884.00 - $126105.00 - $151326.00 annual

The Role at a Glance:

  • Oversees and maintains the Cybersecurity Risk Management Framework, aligning to FFIEC, NIST CSF, and the bank's Information and Cyber Security Program.
  • Maintains and continuously updates cyber risk taxonomies, classification models, and impact assessment criteria.
  • Independently reviews and challenges 1LoD cybersecurity risk assessments, control self-assessments (CSAs), and remediation plans.
  • Provides formal risk opinions on major technology initiatives, digital transformation efforts, and cloud or third-party onboarding.
  • Leads and/or supports thematic reviews of cybersecurity initiatives and emerging risk areas (e.g., zero trust architecture, multi-factor authentication (MFA) implementation, and AI usage) to evaluate risk exposure, control effectiveness, and alignment with security standards.
  • Develops and maintains cybersecurity risk metrics and key risk indicators (KRIs) to ensure alignment with the organization's risk appetite.
  • Prepares and delivers executive and board-level risk reporting highlighting trends, emerging threats, and control gaps.
  • Leads and oversees the annual planning of security testing activities to ensure appropriate coverage of key systems and risks.
  • Reviews and monitors risk acceptances, control exceptions, and audit/regulatory findings, and enforces timely remediation of items. Ensures risk acceptance processes include clear compensating controls, expiration timelines, and documented approvals.
  • Provides independent cyber risk oversight for third-party vendors, especially those handling sensitive data or key infrastructure.
  • Supports cybersecurity components of internal audits and regulatory examinations (e.g., FDIC, OCC, FFIEC).
  • Leads and manages the Bank's Threat Intelligence program and Information and Cyber Security Council.
  • Maintains up-to-date understanding of evolving cybersecurity regulatory expectations.


Core Skills and Qualifications:

  • Bachelor's degree in Information Security, Risk Management, Information Technology, or related field required.
  • 5 years of recent and progressive knowledge and experience in a cybersecurity, IT risk management, or audit role within a financial services environment.
  • Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Microsoft Azure, or equivalent preferred.
  • Equivalent combination of education, training, certifications, and/or relevant work experience may be considered.
  • Provide an exceptional level of service for internal and external customers, with the ability to build and maintain positive professional relationships to successfully interact with all levels of management and functional and cross-functional areas across the organization.
  • Excellent listening, verbal, written, and visual communication skills with the ability to translate complex risk information into clear, actionable reporting and presentations for technical and non-technical audiences. Ability to read, write, speak, and understand English well.
  • Strategic in approach to problem solving and decision-making, with demonstrated ability to quickly focus on key issues and make decisions under pressure of time constraints.
  • Strong analytical and critical thinking skills with the ability to independently assess risk decisions and constructively challenge first-line assumptions and conclusions.
  • Thorough knowledge and understanding of cybersecurity and regulatory frameworks, including NIST CSF, FFIEC guidance, ISO 27001/27005, SOX, and GLBA/Interagency Guidelines.
  • Knowledge of the Three Lines of Defense operating model and its application in enterprise risk management, including coordination among business operations, independent risk oversight, and internal audit functions.
  • Strong planning, organizational, time management, and follow-up skills, demonstrating a strong sense of urgency and ability to execute quickly, timely, and efficiently; independently ensuring that priorities are set and commitments and deadlines are met with minimal direction and oversight.
  • Unquestionable integrity in handling sensitive and confidential information required.
  • Proficient and advanced use and understanding of MS Office products (Word, Excel, Outlook) with the ability to adapt to and learn new technologies quickly.

Work Environment/Conditions:

  • Climate controlled office environment.
  • Work involves being able to concentrate on the matter at hand under sometimes distracting work conditions and frequent employee and customer contacts and interruptions during the day.
  • Work requires regular attendance, punctuality, and adherence to agreed-upon schedule, with willingness to work a flexible and/or rotating schedule and/or extended hours as needed.

Physical Demands/Effort:

  • Work may involve the constant use of computer screens, reading of reports, and sitting throughout the day.
  • Ability to operate a computer keyboard, multi-line telephone, photocopier, scanner, and facsimile, which often requires dexterity of hands and fingers with repetitive wrist and hand motion.
  • Typically sitting at a desk or table; intermittently standing, stooping, bending at the waist, walking, climbing, kneeling, or crouching to file materials.
  • Occasional lifting up to 20 lbs. (files, boxes, etc.).

At Heritage Bank, we work hard, but we also know how important it is to take time off to stay healthy, relax, and spend time doing what makes your heart happy!

As part of our team, you'll enjoy a total rewards package which includes base salary based on the role, experience, and skill set, along with an exceptional benefits package (medical, dental, vision, life insurance, 401(k), community volunteer time) and generous time off policy. Full-time team members receive a minimum of 10 paid vacation days annually* and eight hours of paid sick leave per month* while also enjoying 11 paid holidays each calendar year and an annual float day. *pro-rated from start date and/or hours worked. To view Benefits Summary: Apply > Current Openings > position > attachment.

The above statements are intended to describe the general nature and level of work being performed and are not an exclusive list of all qualifications for this position.

Heritage Bank is an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other basis protected by applicable law.

Job applicants have certain legal rights. Please click here for information regarding these rights.

If you need assistance completing the online application, please email:

Salary Range Disclaimer

The base salary range represents Heritage Bank's current salary range for the position. Actual salaries will vary depending on factors including, but not limited to, qualifications, experience, and job performance. The range listed is just one component of Heritage Bank's total compensation package for full-time and part-time employees. Depending on position, other total compensation rewards may include monthly, quarterly, or annual incentive and/or bonuses.



Job Category: Compliance / Audit

Address: 908 North Howard Street Ste. 200, Spokane, WA 99201



Required Experience:

Unclear Seniority
