DescriptionWe exist to help people achieve financial clarity. At Thrivent, we believe money is a tool, not a goal. Driven by a higher purpose at our core, we are committed to providing financial advice, investments, insurance, banking and generosity programs to help people make the most of all they’ve been given.
At our heart, we are a membership-owned fraternal organization, as well as a holistic financial services organization, dedicated to serving the unique needs of our clients. We focus on their goals and priorities, guiding them toward financial choices that will help them live the life they want today—and tomorrow.
The Credit Union Information Risk Officer position is a credit union individual contributor role who creates and drives the information security processes at the credit union. Reporting into the risk team, Credit Union Information Risk Officer creates, modifies, and administers the credit union’s information security program through policy, process, procedure, and governance. The Credit Union Information Risk Officer participates on credit union technology committees, serves as a member of the credit union audit review committee, and serves as the primary contact point for all matters related to the information security program.
This individual contributor role supports a $850 million credit union in securing information. It involves reviewing security controls and testing reports from application vendors and the credit union sponsor, Thrivent Financial’ s information security team, and providing recommendations for additional controls in accordance with banking regulations. Strong preference for candidates with experience in information security, with backgrounds in the areas of Compliance, Internal Audit, Risk and/or Business Resumption Planning.
Duties and Responsibilities:
- Liaison: Primary contact point for business continuity, information security, and incident response programs.
- Program Management : Creation and modification of the credit union policy and procedures concerning the treatment of all data with a focus on member data. Trains and maintains staff knowledge of the program as appropriate. Ensures that the program meets all regulatory requirements and keeps up to date on regulatory changes.
- Governance : Ensures that the information security program runs smoothly, has the necessary controls, that those controls are active and exercised, and runs exercises with staff to ensure that controls work as expected.
- Cyberrisk and Cyber Intelligence : Keeps on pace with developments in the threat arena, helps the board and leadership understand the threat landscape, and advises same on the security implications of tactical moves and strategic initiatives.
- Data Loss & Fraud Prevention : Ensures that policies and procedures are effective and followed where staff access to internal and member data is concerned and advises on vendor risk and data/fraud exposure.
- Investigations and Forensics : Determines what occurred in a breach, forms a response, coordinates that response, and then provides after-action reporting to executive team and the board as well as an internal procedures review to avoid similar actions in the future.
- Security Operations : Conducts security audits such as user access, change management, and vendor risk assessments. Participates as the senior member during any breach or data loss scenario. Analyzes and controls any third-party vendor audit reports (such as SSAE16 reports).
- Security Architecture : Advises and consults on any security infrastructure changes internally, with partners, and in any vendor scenario.
- Identity and Access Management : Ensures that only authorized users have access to applications, process, and data.
Qualifications and Skills
- Bachelor’s degree in a business or security-related field.
- 5 to 7 years of Information Security experience, with backgrounds in the areas of Compliance, Internal Audit, Risk and/or Business Resumption Planning.
- Knowledge of banking system process and procedure.
- Clear understanding of banking regulatory requirements for information security.
- 3-5 years of direct credit union experience.
- 7-10 years experience in banking, credit union, or government finance.
- Master’s degree in a banking-related or security-related field.
- Professional security designation such as CISSP, CISA, CISM.
- This position allows a flexible work arrangement meaning you may work on-site and/or remotely from the Minneapolis, MN, Appleton, WI, or Salt Lake City, UT area.
Thrivent provides Equal Employment Opportunity (EEO) without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, national origin, age, disability, marital status, citizenship status, military or veteran status, genetic information, or any other status protected by applicable local, state, or federal law. This policy applies to all employees and job applicants.
Thrivent is committed to providing reasonable accommodation to individuals with disabilities. If you need a reasonable accommodation, please let us know by sending an email to email@example.com or call 800-847-4836 and request Human Resources.