IT Governance, Risk & Compliance Manager (Remote)

SUMMARY

The IT Governance, Risk & Compliance Manager’s role is to develop risk mitigation strategies and action plans as appropriate across technology vendor relationships. This position will lead related Information Security and Technology risk management activities as assigned, including cyber security risk assessments, response to internal and external audits and exams, SOC2 and other third-party reviews, assessments, technology selections and implementations and data analysis. Ensure the streamlined operation of the IT department is in alignment with the business objectives and risk management policies of the organization. Acts as a mentor and knowledge resource for IT staff and assists with the development of IT policies, standards, guidelines, procedures, and methods.

ESSENTIAL DUTIES

1. Upholds, at all times, the Bank’s Core Values of: Integrity, Respect, Positive Attitude, Empowerment, Accountability, and Excellence.

2. Delivers on the Bank’s tagline of “Your Best Banking Experience, Ever!” by reinforcing the application of superior customer service through own example along with appropriate follow through with involved customers and employees.

3. Collaborate and consult with IT teams, IT vendors and business teams to enhance internal control processes, risk, and controls.

4. Manages the development, testing, and maintenance of disaster recovery plans for IT and Banking systems; Manages the development and implementation of information security/technology needs for the Bank; manages training and awareness programs to educate employees about information security solutions and their requirements; keeps current with the latest technologies.

5. Identity, review, and articulate business risks associated with technical vulnerabilities and risks, including IT risks, controls, improvements, and opportunities in support of Risk management and Regulatory compliance.

6. Perform self-testing to determine adherence to controls, policy, procedures, and standards. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures are taken.

7. Manages the Bank’s required audits by third parties and examinations by local and federal government agencies; manages the bank’s annual IT Risk Assessments, both standard and Cybersecurity. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships. Acts as an escalation point for issues raised by auditors.

8. Test and assess adequacy and effectiveness of control structure, along with practical recommendations to improve the effectiveness, and efficiency of control or process.

9. Source and negotiate purchases and contract renewals. Create orders, coordinate review and approval of invoices for all IT spending, ensuring invoices are accurate and sent to AP for payment in a timely manner.

10. Manage on-boarding of new vendors and maintain current vendor relationships by communicating with internal teams. Monitor vendors to ensure they meet their agreement and contract obligations.

11. Oversee and or develop Ongoing Monitoring (OGM) plans in alignment with TPRM policy for newly on boarded Technology Third Parties and ensure execution of OGM plans for existing engagements.

12. Keep abreast of the latest Third-Party best practices and regulatory requirements as it relates to the technology vendors.

13. Ensure business adherence to related risk policies, standards, and procedures across the risk life cycle to include contract reviews and ongoing monitoring.

14. Publish monthly contract dashboards and schedule recurring business review meetings with vendors.

15. Manage contract documents through execution and ensure any contract addendums or amendments follow parameters.

16. Conduct regular contract reviews of vendors and ensure Managed Services vendors adhere to Bank’s policies and procedures. Monitor expiration dates and prepare contract extensions as needed; assist with contract coordination.

17. Track mitigation steps and ensure that risks are remediated appropriately and in a timely manner. Monitor and report risk/IT audit issue remediation progress, escalating to senior management.

18. Analyze, assess, and report out risk trends and systemic issues across contractual relationships. Identify changes in business or relevant regulations that may lead to an increase in risks pertaining to Third Party relationships.

19. Carry out and lead related information Security and Technology risk management activities as assigned. Requires skill in leading complex discussions across technology and business with subject matter experts, driving towards clear and documented solutions and timelines.

20. Builds effective relationships with IT management and staff, as well as external stakeholders in Security, Compliance, and Risk Management.

21. Skilled in leading complex discussions across technology and business with subject matter experts, driving towards clear and documented solutions and timelines.

22. Assist management with research and analysis; assumes responsibility for and manages all aspects of special projects as assigned.

23. Other duties as assigned.

SUPERVISORY RESPONSIBILITY

The position of IT Governance, Risk & Compliance Manager is responsible for the supervision of 2 or more employees.

MENTAL DEMANDS

This position requires the ability to accommodate reading documents or instruments, detailed work, problem solving, customer contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks, and constant interruptions.

MINIMUM REQUIREMENTS

• Bachelor’s Degree in the Area(s) of Information Technology, Business Administration or related, and five (5) or more years of Information Technology experience and/or Risk Management disciplines preferably in a financial services industry.

• One or more of CISA, CRISC, CISM, CISSP, or CGEIT certification preferred.

• Knowledge of risk techniques, practices, and control frameworks. Knowledge of various banking and government regulatory requirements and processes. Knowledge of regulatory guidance pertaining to enterprise risk and operational risks.

• Proficiency in information security, risk management, and audit (risk/security policies, procedures, and control).

• Advanced knowledge of one or more IT processes and controls and a deep understanding of risk and control frameworks.

• General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS top 20 and NIST 800-53 and SOX Compliance.

• Requires knowledge of the business and environment of IT with the respect to the delivery of projects, strategic initiatives, and systems portfolio to effectively assist IT managers and staff with risk and compliance management.

• Advanced Knowledge of information technologies and their practical applications.

• Advanced knowledge of computer operating systems and networking technologies.

• Excellent business written and oral communication skills. Ability to work with all levels of management.

• Strong organizational, problem-solving, and analytical skills. Ability to manage priorities and workflow. Versatility, flexibility, and a willingness to work within constantly changing priorities with enthusiasm.

• Ability to work independently and as a member of various teams and committees. Proven ability to handle multiple projects and meet deadlines. Acute attention to detail. Demonstrated ability to plan and organize projects.

• Proficient on Microsoft Office suite of products and general IT infrastructure technologies.

• Good judgment with the ability to make timely and sound decisions. Ability to work on complex projects with general direction and minimal guidance. Ability to effectively present information and respond to questions.

• Must be able to speak, read, write, and understand the primary language(s) used in the workplace. Ability to deal effectively with a diversity of individuals at all organizational levels.

• Must be able to sit for long periods of time, operate a computer, and telephone.

• This position requires writing, typing, speaking, listening, lifting (up to 50 pounds), driving, carrying, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, pulling, walking, standing, squatting, kneeling, and reaching.

• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Management reserves the right to change this position description at any time according to business needs.