Manager, IS Risk Management

IL-Chicago, United States


In this role, you will manage the Information Security and Information Technology (IS/IT) Risk Management program to meet the business objectives and needs of our members and teams. Partner with business and technology leads to help them understand and manage the risk of cyber events to their business.

Responsibilities

  • Develop and mature the IT/IS risk management program, practices, and procedures; operationalize and institutionalize processes.
  • Build a risk management program aligned with NIST risk management frameworks.
  • Partner with the business to understand the impact of cyber events on Alliant and its members, with an emphasis on areas of material risk.
  • Partner with threat intelligence to understand adversary intentions and capabilities and work with Enterprise Risk Management to manage risk acceptance.
  • Inform the prioritization of NIST CSF maturity investments to reduce the risk of cyber events having an impact on Alliant and its members.
  • Translate cyber risk into business risk to drive effective risk-based conversation with business leadership, enabling informed decision making.
  • Implement quantitative risk assessment to determine annual loss.
  • Execute and drive improvements of Application Security Risk Assessments and Global Information Security Risk Assessments.
  • Ensure organization regulatory and audit readiness for the risk management program and facilitate resolution of findings and recommendations associated with the risk program.
  • Plan, oversee and lead the work of the team to meet functional and individual operational objectives and goals. Coach, mentor, and develop staff, including overseeing new employee onboarding and providing career development planning and opportunities. Responsible for hire, fire, performance, discipline and problem-resolution decisions.

 

Education:
  • Bachelor's Degree - Information Security, Information Technology, Computer Science or Related - Minimum

Years of Experience:
  • 5 Years - IT Risk Management, Information Security, Information Technology or Related - Minimum
  • 3 Years - People Management - Preferred

 

In Lieu of Education:

  • 8 Years - IT Risk Management, Information Security, or Information Technology including People Management - Minimum

  

License/Certifications/Training:

  • Preferred: Governance Certification
  • Preferred: Knowledge of ISO 27001 standards and NIST frameworks.
  • Relevant certifications such as CISM, CISA, or CRISC

 

Compensation & Benefits:

Typical hiring range: $128,500 - $186,300 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge.

Additional Compensation: Annual performance bonus 

Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match.

Additional Benefits:

  • Work from home up to 3 days a week
  • Paid parental leave
  • Employee discount programs
  • Time off including paid personal and sick days
  • 11 paid holidays 
  • Education reimbursement

*Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment.

 

 

Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives.

 

The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

 

 


Tags: Application security CISA CISM Compliance Computer Science CRISC Governance ISO 27001 NIST NIST Frameworks Privacy Risk assessment Risk management Threat intelligence

Perks/benefits: 401(k) matching Career development Health care Parental leave Salary bonus Team events

Region: North America
Country: United States
