Who We Are/Job Description:
We are a mission-based online banking start-up, based in Dallas, TX, backed by a number of reputable investors. With over 100 employees already on board, we are currently seeking a Sr Manager of Governance, Risk, and Compliance to report to our Head of Security.
What you’ll do:
- Reporting to the CISO, work across business lines, risk management, and compliance teams to design, deploy and implement a technology risk and governance program for a leading financial institution.
- Own and scale our policy and control framework supporting various compliance frameworks including FFIEC, NIST, MITRE and PCI.
- Build trust with our customers and other stakeholders by responding to customer security and compliance questionnaires and representing GRC on customer calls
- Improve third-party risk management processes and support the head of vendor management in the development and implementation of a comprehensive third-party risk management program
- Develop and implement robust Disaster Recovery / Business Continuity Planning (BCP) governance programs as well as a robust cadence of tests to validate the security and resiliency posture of the organization
- Coach, educate, and engage internal employees across all teams and help drive security and privacy awareness and a culture of trust and compliance
- Participate in audit planning activities to develop audit scopes and provide second line support for operational oversight
- Design test plans to determine the adequacy and effectiveness of internal controls and compliance with policies and procedures and applicable regulations
- Conduct tests of information technology application and system processes and controls
- Demonstrate proficiency in applying information systems audit principles, skills and techniques
- Understand the financial, operational and compliance risks which affect information systems design
- Identify value-added recommendations and align with local and corporate management on corrective actions to address identified risks
- Lead the control testing and reporting program strategy to ensure continuous alignment with Risk Management, Compliance, and Governance (GRC) with a primary focus on SOX & FFIEC.
- Deliver accurate and actionable compliance guidance and direction to internal stakeholders.
- Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.
- Partner and collaborate with cross-functional team members within SOX Compliance, Security GRC and external auditor teams to gather evidence in support of internal and external assessments and audits.
- Develop and implement an effective program that leverages an internal common control framework and other applicable standards, policies and regulations.
- Closely monitor internal projects, audit results and emerging IT trends to determine relevance and impact to the technology risk posture of the institution.
- Hands-on review of SOX and other audit workpapers.
- Manage the vulnerability management and red/purple team function, including penetration testing, hunts for indicators of compromise, and tabletop / war game exercises.
- Define metrics for the security team that align with business goals and translate to business value.
Requirements:
- 5 years of cybersecurity and GRC experience.
- Financial services experience is a plus.
- Strong analytical, organizational, written, and verbal communication skills.
- Positive and optimistic personality – no problem is too big.
- Sense of ownership: take on new projects which involve research, becoming a subject matter expert, and driving them to completion.
- Ability to work on multiple moderately to highly complex assignments simultaneously.
- Very strong problem-solving and troubleshooting skills for issues involving critical data flows between critical applications.
- Ability to work with multiple vendor application and development teams when implementing and troubleshooting interface initiatives.
- CISM, CISSP or equivalent industry certification.