Credit Union Information Risk Officer

Description

Duties and Responsibilities:

• Liaison: Primary contact point for business continuity, information security, and incident response programs.
• Program Management : Creation and modification of the credit union policy and procedures concerning the treatment of all data with a focus on member data. Trains and maintains staff knowledge of the program as appropriate. Ensures that the program meets all regulatory requirements and keeps up to date on regulatory changes.
• Governance : Ensures that the information security program runs smoothly, has the necessary controls, that those controls are active and exercised, and runs exercises with staff to ensure that controls work as expected.
• Cyberrisk and Cyber Intelligence : Keeps on pace with developments in the threat arena, helps the board and leadership understand the threat landscape, and advises same on the security implications of tactical moves and strategic initiatives.
• Data Loss & Fraud Prevention : Ensures that policies and procedures are effective and followed where staff access to internal and member data is concerned and advises on vendor risk and data/fraud exposure.
• Investigations and Forensics : Determines what occurred in a breach, forms a response, coordinates that response, and then provides after-action reporting to executive team and the board as well as an internal procedures review to avoid similar actions in the future.
• Security Operations : Conducts security audits such as user access, change management, and vendor risk assessments. Participates as the senior member during any breach or data loss scenario. Analyzes and controls any third-party vendor audit reports (such as SSAE16 reports).
• Security Architecture : Advises and consults on any security infrastructure changes internally, with partners, and in any vendor scenario.
• Identity and Access Management : Ensures that only authorized users have access to applications, process, and data.

Qualifications and Skills

Required :

• Bachelor’s degree in a business or security-related field.
• 5 to 7 years of Information Security experience, with backgrounds in the areas of Compliance, Internal Audit, Risk and/or Business Resumption Planning.
• Knowledge of banking system process and procedure.
• Clear understanding of banking regulatory requirements for information security.

Preferred :

• 3-5 years of direct credit union experience.
• 7-10 years experience in banking, credit union, or government finance.
• Master’s degree in a banking-related or security-related field.
• Professional security designation such as CISSP, CISA, CISM.

Additional Information

• This position allows a flexible work arrangement meaning you may work on-site and/or remotely from the Minneapolis, MN, Appleton, WI, or Salt Lake City, UT area.

Thrivent provides Equal Employment Opportunity (EEO) without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, national origin, age, disability, marital status, citizenship status, military or veteran status, genetic information, or any other status protected by applicable local, state, or federal law. This policy applies to all employees and job applicants.

Thrivent is committed to providing reasonable accommodation to individuals with disabilities. If you need a reasonable accommodation, please let us know by sending an email to  human.resources@thrivent.com  or call 800-847-4836 and request Human Resources.