Chief Information Security & Privacy Officer - Thrivent Bank In Formation

About The Position

Requirements

• Degree in business administration or a technology-related field required.
• Professional security management certification such as Certified Information Systems Security Auditor (CISSP), Certified Information Security Auditor (CISA), Certified Information Systems Manager (CISM) or Certified in Risk and Information Systems Control (CRISC), Certification in privacy management or compliance preferred
• Minimum of eight to twelve years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience in Cybersecurity risk principles and frameworks
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.
• Experience with PCI DDS
• Strong analytical and problem-solving skills

Responsibilities

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes including the information security and cybersecurity risk assessments
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Develop and maintain information security and privacy polices and procedures in accordance with industry standards and applicable laws and regulations.
• Work with cross-functional teams to ensure the privacy and security of all data collected, stored, or transmitted by the organization.
• Manage and investigate security incidents and privacy breaches to ensure compliance and identify areas for improvement.
• Coordinate breach response activities.
• Execute GLBA risk assessment annually
• Stay up to date with industry best practices and changes in laws and regulations related to information security, cybersecurity, disaster recovery and privacy.

Benefits

• various bonuses (including, for example, annual or long-term incentives); medical, dental, and vision insurance; health savings account; flexible spending account; 401k; pension; life and accidental death and dismemberment insurance; disability insurance; supplemental protection insurance; 20 days of Paid Time Off each year; Sick and Safe Time; 10 paid company holidays; Volunteer Time Off; paid parental leave; EAP; well-being benefits, and other employee benefits.