PRIMARY PURPOSE: Provide leadership through the operationalization of an information security governance, risk, and compliance program, as a member of line one (Three Lines Model) that is accountable for identifying, evaluating, monitoring, reporting, and managing information security risks to enable business outcomes and meet compliance and regulatory requirements.
ESSENTIAL FUNCTIONS include the following.
Other duties may be assigned.
Develop and implement an information security risk framework that incorporates qualitative and quantitative aspects, provides visibility and management of cyber risks, and wholly represents cybersecurity risk aligned with the Wings’ enterprise risk management office.
Lead information security programs and activities including IT governance, compliance, risk management, third party risk management, security education and awareness, and data privacy.
Lead and facilitate information security risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, business risk consultations, risk mitigation and remediation recommendations, monitoring, and capability maturity assessments.
Develop and maintain information security policies and standards.
Coordinate with internal and external auditors and regulators to facilitate audits and IT exams with the goal of assuring compliance and addressing potential issues proactively.
Assist in the development, communication, and execution of information security risk metrics and related tolerances.
Mentor, develop, and oversee the activities undertaken by the information security governance, risk, and compliance analyst.
Establish metric monitoring reports and develop analysis and reporting to identify and communicate risk insights.
Lead the documentation and updating of information security issues within the GRC platform.
Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance.
SUPERVISORY RESPONSIBILITIES: Directly supervises one or more employees within the Information Security Office.
Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws.
Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
QUALIFICATIONS:
Bachelor’s degree in Cybersecurity, Information Systems or equivalent.
Eight (8) or more years of experience in a cybersecurity or governance, risk, and compliance role.
Experience working in the financial services industry.
Industry certification highly desirable (ex: CISA, CRISC, CISSP, CGRC, CIPP, or similar).
Understanding of standards, frameworks, and financial services regulations (including GLBA, NCUA, CFPB, PCI, NIST CSF, etc.) and internal audit processes.
Self-motivation and a high attention to detail are a necessity.
Individual must be able to work in a team environment, have strong problem-solving skills, and be able to independently learn on-the-go.
Strong meeting facilitation skills.
Ability and desire to teach and coach staff to reach their full potential and to assist departmental managers in educating their staff.
Ability to manage multiple tasks and deadlines simultaneously.
Tremendous relationship skills with ability to work with key players in other departments effectively.
Consistently use strong written, presentation, and analysis skills and show an active desire for continuous improvement in these areas.
Act as a key collaborative resource with business, leadership, and technology teams for routine issues and project-related requirements.
Manage and maintain vendor relationships with all levels of support.
Continuous learner striving for continuous self-improvement.
Bondable
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.