Information Security Risk Manager

Job Title: Information Security Risk Manager

General Job Description

The Information Security Risk Manager has a highly collaborative role with primary responsibility for identifying risks across Argent's information technology and information security programs and recommending appropriate and effective solutions that align with business goals. The Information Security Risk Manager will work with the Technology and Risk Teams to establish robust procedures for oversight and on-going monitoring of these risks. Relevant risk factors may include the risk of system failure or loss of data as well as reputational risk and regulatory compliance.

Essential Duties

• Perform comprehensive IT and security risk assessments, monitor vulnerabilities, and develop actionable risk metrics and dashboards.
• Execute security risk related projects/programs, such as updating security policies, standards and participating in security awareness programs.
• Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to Information Security and Privacy
• Work with the Risk Committee to oversee a framework and methodology for completion of contingency plans by internal business units.
• Interface with Internal and External Auditors and Regulators
• Establish protocols for the reporting and escalation of any security, privacy, or identity theft incidents, as appropriate.
• Work closely with Information Technology, Compliance, Legal and other business units to integrate compliance requirements into technology/information security related projects and business processes

Qualifications

Knowledge and Skills:

• Familiarity with maximizing the use of Governance Risk and Compliance Automation Software
• Experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs required
• Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. NIST CSF, FFEIC)
• Familiar with project management best practices, including planning, execution, monitoring, and risk management to ensure successful project delivery.
• Exposure to and familiarity with relevant standards such as Gramm-Leach-Bliley Act (GLBA), Cybersecurity Supervision Work Program (CSW), Federal Financial Institutions Examination Council (FFIEC) Information Technology (IT) Handbooks, and applicable laws related to regulatory compliance, information security and privacy
• Familiar with Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), and Risk Assessment process.
• Understanding of key technology concepts such as access control, confidential data, encryption, business continuity, and security monitoring tools
• A strong knowledge of IT organization business processes and systems including IT security, data management, architectural and planning, technology life cycle management, continuous audit, regulatory concerns and FFIEC examination materials
• Understanding of risk management functions, including technical standards (preferably CIS) and their implications

• Highly organized with ability to prioritize in a fast-paced environment

• Solid Problem-solving skills and ability to be highly productive, both working independently and as part of a team.

• Excellent organizational skills and attention to detail.
• Excellent written and verbal communication skills.
• Advanced computer skills and proficiency in Microsoft Office Suite or similar software.

Education/Experience:

• Bachelor's degree
• Five to seven years of information technology security, risk management, audit and compliance experience preferred.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC), preferred at least one of these certifications