Director - Information Security Risk

St Paul, Minnesota, United States

Sunrise Banks, based in Minneapolis/St. Paul, MN, uses advancing technologies to build financial products and services that are inclusive and socially responsible. A career at Sunrise gives you an opportunity to use your technical knowledge to contribute to one of the planet’s most socially and environmentally responsible companies.

POSITION SUMMARY

The Director – Information Security Risk Officer will function in a 2nd line of defense role, providing credible challenge and oversight of information security activities. This role will be responsible for developing, implementing, and maintaining a program for assessing, identifying, and tracking information and cybersecurity risks and working with the applicable business lines on mitigation.

ESSENTIAL FUNCTIONS

  • Develop, implement and monitor a strategic, comprehensive enterprise information security risk assurance program to ensure the integrity, confidentiality and availability of data.
  • Develop and implement a comprehensive risk-based privacy program, to include data governance, data discovery and classification, breach notification, data retention, etc. in compliance with all applicable laws and regulations (GLBA, CCPA, GDPR, etc.)
  • In coordination with the IT department, document and maintain information security policies
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Assess and advise on operational risk of new and existing third parties (including Fintech partners) in accordance with established SLA for Third Party Risk. Partner with Third Party Risk to define standards and processes to assess vendor information security risk and periodic audits of third-party service providers’ information security and business continuity controls
  • Provide regular and consistent reporting on the risk status of the information security and privacy program to enterprise risk management, senior business leaders and the board of directors, including the annual GLBA report
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
  • Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the Bank
  • Lead information security awareness and training initiatives to educate workforce and customers about information risks.
  • Participate with the incident response team to contain, investigate, and prevent future computer security breaches.
  • Oversee the reconciliation and certification of user access to applications and systems.
  • Participate in and provide guidance to applicable management committees
  • Address questions from and liaise with internal and external auditors and regulatory examiners

KEY COLLABORATORS

IT Security Operations, Infrastructure, Enterprise Risk Management, Third Party Risk, Internal Audit, National Products, all business line leaders.

SUPERVISORY RESPONSIBILITIES

This position supervises two security risk analysts.

Responsible for the hiring, performance management and development of these employees.

COMPETENCIES

  • Sunrise Core Values 
  • Individual Contributor Competencies 
  • Manager Competencies 
  • Area Expertise 
  • Change Champion 
  • Influencing Skills 
  • Strategic Thought 
  • Conflict Resolution

EDUCATION & EXPERIENCE

  • Bachelor’s degree in Information Systems or Technology preferred.
  • 7+ years information security risk management experience in the banking industry required.
  • Experience developing a comprehensive security program, including risk assessment and framework.
  • Fiserv system experience beneficial.
  • Fintech sponsor bank experience beneficial.
  • Extensive knowledge of privacy and data protection laws, regulations, and best practices including GLBA and data breach handling
  • Extensive knowledge of industry standards/frameworks (FFIEC, NIST, ISO, PCI).
  • Information security certification preferred (e.g. CISSA, CISM, etc.)
  • Strong team builder, mentor and coach.
  • Strong presentation and written communication skills

Tags: Audits Banking CCPA CISM Compliance FFIEC FinTech GDPR GLBA Governance Incident response NIST Privacy Risk assessment Risk management

Perks/benefits: Career development

Region: North America
Country: United States
