Technology and Information Security Risk Manager

Company: Columbia Banking System
Location: Spokane
Posted on: June 10, 2021

Job Description:

This role will support oversight of the Bank's risk appetite within the Technology and Information domain and will include analysis and assessment of risk based on key indicators and identified issues. This role requires knowledge of technology and information security controls as well as industry standard approaches to measuring the associated risk. The position reports through Corporate Risk to ensure independence from Information Technology management and operations staff.Essential Job Functions:* Provide independent second line oversight and monitoring of key risks across technology, including core architecture and infrastructure, data management, development, technology and information security and other related functions* Develop and implement the Bank's Information and Technology Risk Management programs including governance frameworks, standards and procedures* Provide architectural guidance and recommendations on technical and non-technical technology and information security matters for internal development and infrastructure security projects* Establish and produce management KRI reporting for areas of assigned risk management to senior management and the board* Provide challenge and assessment of potential technology risk including information and technology security control weaknesses. Provide technology and information risk subject matter expertise, and monitor and communicate the risk environment to management, and other key stakeholders.* Develop technology and security risk scenarios to identify potential attack vector and TTP (tactics, techniques and procedures) to guide the continuous improvement of the Bank's Information and Technology defense posture* Support first line managers in their ownership of Technology and Information risk and controls by establishing and communicating common risk management taxonomies, assessment methodologies, standards and practices* Manage and assist in performing on-going monitoring of information systems including assessing technology and information security risk through qualitative risk and maturity analyses on a regular basis* Partner with first line management to maintain a risk framework including assessment of risks and establishment of agreed upon tolerances* Partner with first line management to evaluate and recommend new technology and information security controls against threats to information and/or privacy and ensure product alignment across all three lines* Maintain a current understanding the IT threat landscape for the industry.* Provide second line technology risk support in the selection, management and oversight of strategic and/or critical third party IT service providers* Partner closely with the third line Internal Audit function to ensure an effective integrated risk assessment and assurance testing program is maintained* Train and mentor a team of analystsAll employees are responsible for internal controls in the performance of their assigned duties. Internal Control responsibilities are established in various policies, procedures, and documents, including the Code of Conduct.Minimum Job Requirements:* Bachelors' degree (business or technology preferred)* Professional Certification in information security such as CRISC, CISSP, CISM, CISA* 8 years banking or management consulting experience of which 5 years should be in risk management* Solid technical and functional knowledge of external regulations, policies, and development for Information Security, Cyber Risk and IT Risk.* Experience defining/documenting business processes and writing policies and procedures* Proven ability to understand, identify, analyze and communicate clearly the organizations technology and cyber risks* Experience with IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, and risk intelligence capabilities* Process and detail oriented, with an ability to think strategically* Strong organizational/analytical/problem-solving abilitiesPhysical and Mental Requirements:* Ability to sit at a computer monitor for extended periods of time* Ability to perform repetitive finger, hand, and arm movements* Ability to lift up to 15lbs.* Ability to effectively discern information and formulate appropriate action* Ability to reach, squat, bend, and manually manipulate standard office equipmentValues and Behaviors:* Build enduring RELATIONSHIPS with clients and each other.* Drive INNOVATION that simplifies life and work.* Seek continuous GROWTH in your personal and professional development.* Commit with HEART to serve others.* Extend TRUST in order to receive it.Notice to Agency and Search Firm Representatives:We do not accept unsolicited resumes from agencies and/or search firms. Agencies must obtain advance written approval from Columbia Bank's Talent Acquisition team to submit resumes, and then only in conjunction with a valid fully-executed written requisition contract for service and in response to a specific job opening. Resumes submitted to any Columbia Bank employee by a third party agency and/or search firm without a valid written and signed requisition search agreement, will become the sole property of Columbia Bank. Columbia Bank will not pay a fee to any Agency that does not have such agreement in place. No employee outside of Columbia Bank's Talent Acquisition team has the authority to enter into a requisition search agreement. Associated topics: chief program officer, cpo, manage, manager, management, monitor, product manager, project manager, relationship manager, task

Keywords: Columbia Banking System, Spokane , Technology and Information Security Risk Manager, Other , Spokane, Washington