Information Security & Technology Mgr, Sr

About The Position

Requirements

• Bachelor degree in Information Technology, Cybersecurity, Risk Management, Audit, or related field (advanced degree preferred).
• 10+ years relevant experience across information security, technology risk, governance, risk, and compliance (GRC), or related disciplines in a highly regulated industry, with a minimum of 3 years managing teams.
• 3+ years of management experience.
• Demonstrated experience aligning security and technology risk governance to recognized frameworks (e.g., NIST, ISO 27001) and banking regulatory expectations.
• Experience establishing risk monitoring, independent testing/validation, and issue/exception governance processes with strong evidence discipline.
• Strong communication skills; experience presenting risk posture, trends, and recommendations to management committees.
• Proven ability to partner effectively across all levels of the organization and develop positive working relationships.
• Strong presence with internal partners and external constituents, as necessary
• Thorough understanding of auditing/examination techniques.
• Knowledge of applicable state and federal banking laws and regulations and of bank services, policies, and procedures.
• Demonstrates conceptual thinking and analytical skills.
• Advanced problem-solving skills with the ability to define problems, analyze variables and propose solutions.
• Strong leadership skills with supervisory experience, strong interpersonal skills and knowledgeable risk management professional.

Nice To Haves

• Preferred certifications: CISSP, CISM, CISA, CRISC, or equivalent.

Responsibilities

• Support the development, enhancement, and ongoing maintenance of the enterprise Information Security & Technology Risk Management (ISTRM) framework, including programs, policies, standards, guidelines, and procedures to ensure alignment with regulatory and industry expectations.
• Contribute to the maintenance of technology and cyber risk taxonomy, risk appetite alignment, and key risk indicators (KRIs), supporting consistent risk measurement, monitoring, and reporting to management and Board committees.
• Provide independent challenge and advisory support to first line risk offices and technology leadership on risk identification, control effectiveness, and remediation prioritization, while partnering with stakeholders to ensure timely issue identification and resolution.
• Oversee adherence to information security and technology risk policies, programs, and standards, including monitoring control effectiveness and supporting continuous improvement of governance, risk analysis, and oversight practices.
• Support the implementation of information security and technology risk governance, monitoring, and risk management activities, including security awareness initiatives, to promote a strong control environment and risk-aware culture.
• Apply risk management practices to safeguard sensitive data and support compliance with applicable legal, regulatory, and industry requirements across information assets and technology systems.
• Execute and oversee second line monitoring and review activities using a risk-based approach, including validation of control design and operating effectiveness performed by first line teams.
• Maintain and support governance of risk registers, issue inventories, and exception tracking within the enterprise GRC platform; ensure appropriate documentation, escalation, and reporting cadence.
• Develop and deliver clear, concise risk reporting for management and risk committees, including trends, material findings, and aging issues/exceptions.
• Establish and execute an annual independent testing and validation plan across information security and technology risk domains, informed by risk assessments, regulatory expectations, and audit/exam feedback.
• Perform independent validation of remediation for material issues and control deficiencies; confirm evidence sufficiency and recommend formal closure or escalation where gaps remain.
• Coordinate with Internal Audit (3LOD) and external examiners to align testing scopes, reduce duplication, and ensure timely resolution of findings.
• Manage and enhance enterprise security training and awareness activities, including administration of required training and tracking of completion metrics.
• Monitor alignment of enterprise training and awareness efforts with regulatory expectations and evolving threat landscape; report on participation and identified gaps.
• Partner with HR, Compliance, and business units to promote a consistent and risk-aware culture across the organization.
• Support regulatory examinations and audits related to information security, technology risk, and resilience by providing documentation, evidence, and responses as needed.
• Contribute to preparation of management and committee reporting materials, including risk posture updates and tracking of action items.
• Collaborate with Technology, Information Security (1LOD), ERM, Compliance, TPRM, and Legal to support practical and effective governance and risk management practices.

Benefits

• competitive compensation with our salary and incentive program
• medical, dental, and vision insurance
• 401K
• continuing education opportunities
• employee assistance program