Information Security Governance Risk

DescriptionJoin Our Team For over 70 years, Teachers Federal Credit Union has been committed to guiding members toward building a strong financial foundation today for a better tomorrow. Named one of America's Best-In-State Credit Unions by Forbes Magazine in 2022, Teachers has grown into one of the leading credit unions in the United States. As we broaden our national reach, we will continue to ensure that Teachers is a Best Place to Bank and a Best Place to Work. Teachers offers a variety of exciting career opportunities ranging from part-time and full-time staffers to executive leadership roles. Summary: The Information Security Governance Risk & Compliance Manager is responsible for managing, planning, and executing security initiatives related to governance, risk management, compliance, and audit oversight. The Information Security Governance Risk & Compliance Manager oversees anti-phishing campaigns, security awareness training, risk assessments, vendor security reviews, and managing audit activities related to security governance and controls. Education and/or Experience: Bachelors degree or a minimum eight years directly related experienced Minimum 5 years of experience in information security Governance, Risk, and Compliance required Managing complex security programs required CISSP, CISM, CRISC, or similar preferred Experience with security tools, technologies, and risk management platforms required Proven track record of managing and executing information security programs, including anti-phishing campaigns, risk assessments, and security awareness training. Strong understanding of regulatory frameworks and industry standards (GDPR, CCPA, NIST, ISO 27001, SOC 2, etc.). Experience conducting vendor security assessments and reviewing SOC reports. Solid knowledge of information security principles, including risk management, incident response, and security controls. Knowledge of data privacy regulations Experience with a variety of ITGRC tools such as ServiceNow and RSA Archer and others. Proven experience in audit oversight, managing both internal and external audit processes, and addressing audit findings related to information security. Excellent communication skills, with the ability to articulate complex security topics to both technical and non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail and the ability to drive continuous improvement in security processes. Ability to work independently and manage multiple projects simultaneously. Job Responsibilities: Security Awareness Training: Develop, coordinate, and deliver ongoing security awareness training programs to educate employees on security best practices and risk mitigation techniques. Anti-Phishing Campaigns: Plan, manage, and execute anti-phishing campaigns to assess and improve employee awareness and the organization's resilience against phishing attacks. Risk Assessments: Manage planning and execution of regular risk assessments, ensuring the identification, evaluation, and mitigation of security risks across the organization. Vendor Security Reviews: Manage and review vendor security assessments, including the evaluation of SOC reports, to ensure third-party risk is managed in accordance with security policies and standards. Governance and Compliance: Oversee information security governance processes, ensuring adherence to relevant regulatory frameworks, industry standards, and internal policies. Lead compliance activities related to security controls, data privacy, and industry regulations. Audit Oversight: Manage the execution and oversight of internal and external audits, ensuring security and compliance audits are conducted according to the established audit schedule. Collaborate with auditors to address security-related audit findings and ensure timely remediation of issues. Day-to-Day Information Security Activities: Handle day-to-day information security activities, including incident management, reporting, and compliance tracking, ensuring that all aspects of the security program are functioning optimally. Reporting & Metrics: Provide regular updates and reports to senior leadership on the effectiveness of security programs, compliance status, audit results, and risk mitigation efforts. Develop metrics to track progress and demonstrate the effectiveness of security initiatives. Continuous Improvement: Stay informed on the latest security threats, trends, and technologies. Recommend and implement best practices for improving information security governance, compliance, and audit preparedness. Benefits of Joining the Teachers Team: We provide a competitive compensation and benefits package that includes, but is not limited to: Paid time off for vacation, personal days, and holidays Fully-funded pension plan 401(k) company contribution Teachers pays 100% of Dental & Vision premium Tuition reimbursement is offered to full-time employees Exclusive employee discount of 0.96% APR on credit card loans and a 1.00% APR on all other loans through Teachers The good faith range for this position is $118,250 - $147,850 annually. This range is an estimate, based on potential employee qualifications and operational needs. The salary may vary above and below the stated amounts, as permitted by applicable law. All candidates will be subject to a background check, credit check, and drug test to determine employment eligibility. To learn more about Teachers and to view a full list of our job opportunities please visit Click here to view: California Privacy Notice #LI-KM