Sr. Manager, IS Risk Management at Alliant Credit Union
What will your day look like?
You will be responsible for orchestrating the Information Security and Information Technology (IS/IT) Risk Management program to meet the business objectives and needs of Alliant, our members, and teams. Work requires a broad background and experience in IS/IT Risk Management with additional experience with IS/IT Governance and/or Compliance. The incumbent will mature the IS/IT risk management program and partner with business and technology Leads to identify, analyze, and facilitate decision-making and actioning on risks. The Senior Manager will ensure alignment with ERM processes and organizational risk appetite. Responsibilities include leading the Information Security Third Party Risk Management program to ensure that vendors have adequate controls in place. The incumbent is responsible for providing key stakeholders and management timely and accurate reporting on the status of risks and projects.
Resources to do the job require sound and proven leadership ability, strong analytical skills, and technical expertise. In addition, strong written and oral communication skills, as well as the ability to translate detailed, technical information into business risk. The Senior Manager will also contribute to the company Information Security strategy and roadmap. General direction is received from the Director, Governance, Risk Management and Compliance (GRMC).
Do you see yourself doing this?
- Develop and mature IS/IT risk management program, practices, and procedures; operationalize and institutionalize processes.
- Refine, maintain, and conduct risk assessment process including annual assessment of all applications on an annual basis or as major changes are made.
- Integrate all risk identification sources; analyze and enable one comprehensive view of risks through the organization.
- Partner with the leadership team to keep IS/IT specific risk appetites and tolerances business aligned.
- Bring visibility to existing organizational risks and drive risk-action accountability.
- Mature and formalize the Risk Acceptance process used to assess business risk associated with IT applications or projects.
- Lead risk management or GRMC-related projects as needed.
- Develop and lead the Information Security Third Party Risk Management process to evaluate vendors and ensure existence of appropriate information security controls.
- Work closely with the Third-Party Risk Management enterprise team to align risk processes and ensure company wide view of Third Parties including Information Security controls.
- Partner with strategic vendors and manage relationship with key resources to ensure optimal service levels and work with procurement on contractual requirements.
- Lead team members toward achieving team goals including process improvement, continuous risk reduction, and anticipating and navigating roadblocks to achieve success.
- Deliver timely and concise communication, including developing and producing management reporting, illustrating risk status, tends, and treatment plans.
- Educate Business and IS/IT application owners by leading training session and focus session to demonstrate IS/IT risk management processes and share industry trends.
- Ensure organization regulatory and audit readiness in regards to risk management program and facilitate resolution of any findings and recommendations associate with the risk program.
- Perform other duties & responsibilities as assigned.
Leadership and Performance Management Responsibilities :
- Deliver superior results through quality execution and best practice adaptation.
- Demonstrate courage, ability and agility to understand and address organizational transition in real-time; establish expectations for the unexpected.
- Translates strategic and operating plans into meaningful direction of projects, goals, priorities and activities.
- Captures, analyzes, and understands the internal environment, team dynamics, and talent capabilities to address organizational refinement, agility and growth.
- Champions Employee/Internal Customer Engagement, employee development and all cultural hallmarks through a strong leadership signature and a growing command of Alliant's leadership competencies.
- Continually assesses and provides discerning development, insightful coaching and talent utilization/optimization for direct reports.
- Apply High Performance Management practices in leading an engaged workforce in order to effectively leverage the full potential and talent of this function.
- Provide a structural and consistent approach to ensure that individual development plans are in place, performance management is consistent, performance management process is respected and followed, and coaching and feedback are provided on a regular and dynamic basis.
- Work with your direct reports and help seek out growth opportunities for your reports; continually challenge reports to maximize their engagement and productivity.
- Help propagate messaging across the organization that fosters a broader knowledge of Information Security, promotes collaboration and influences constructive and positive change.
Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensure compliance with all applicable state and federal laws, company procedures and policies. Maintain integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives.
What makes you a great fit?
You'll be a great fit if in addition to the completion of a Bachelor's degree, required, and you have:
- Information Security or Compliance, Risk management, or Governance certifications preferred.
- 7+ years' experience leading others, including technical staff, and has a proven ability to develop, coach and motivate employees effectively.
- Minimum 10 years' experience in IT Risk Management and Information Security is required.
- Demonstrated ability to effectively manage the entire IT Risk program including assessments, risk register, risk treatment, and reporting.
- Knowledge on regulatory requirements and laws, including but not limited to, FFIEC, NCUA, SOX, GLBA, and Privacy and familiarity with ISO 27001/27002 or NIST is preferred.
- Ability to effectively communicate and translate technical risk into business risk.
- Demonstrates strong analytical skills.
- Exceptional written and verbal communication skills.
- Highly effective project management skills.
- Technical aptitude and ability to work collaboratively with a team.
- Ability to influence, negotiate and build strong partnerships.
- Detail oriented with good time management skills.
- Demonstrated ability to handle multiple assignments simultaneously in a time-bound schedule.
- Excellent organizational and follow up skills
- Effective stakeholder management skills.
- Expert problem solving and decision making
When you're happy, we're happy!
As a thank you for joining our team, you'll benefit from:
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off
Still not convinced?
For more details you can also visit our Glassdoor and LinkedIn profiles.