Posted on: 08 Mar 2024
Job Location: Pittsburgh, US
Job Description:
Job Summary
The Information Security Risk Manager serves as a principal risk advisor on security for information systems across the network and on non-digital information systems. Assesses information systems, develops system security plans and test plans, and ensures protection from internal or external risk. Provides guidance and solutions to development teams and first line information security teams on authentication, session management, and data protection. Works closely with operations staff, IT management including data governance teams, and information security teams.
Location
This position can be performed anywhere in our footprint including but not limited to: Buffalo, NY; Warren, PA; Pittsburgh, PA; Columbus, OH; Cleveland, OH; or Indianapolis, IN.
Essential Functions
* Monitor the enterprise-wide security strategy and mitigate risks through the balance of security measures and operational flexibility
* Perform information security risk assessments for new systems and system changes
* Perform vulnerability assessments for information security systems and facilitate remediation planning, exposure tracking, and report on mitigation status
* Develop information security protocols in collaboration with the information technology and development teams
* Partner with business units and build threat assessments into information security processes
* Manage team performance through regular, timely feedback as well as the formal performance review process to ensure delivery of exceptional services and engagement, motivation, and team development
* Develop, monitor, and provide improvement guidance of the Information Risk Management strategy, program, and associated services
* Manage and maintain the communication of policies, control objectives and standards
* Identify the investment needed to ensure compliance with regulatory, contractual, and internal requirements
* Help design and monitor implementation of risk-based controls that are fully auditable and compliant with business and regulatory standards
* Develop and produce Executive-level and Management scorecards to measure, monitor and report on Information Risk posture and control effectiveness
* Analyze business processes and systems and guide needed improvements that properly mitigate risk in alignment with the risk appetite
* Ensure the technologies and processes used worldwide meet all required information risk and information management requirements
* Consult at an expert level to support customer compliance requirements for new product development and enhancement of existing solutions
* Apprise management regarding new and pending regulatory requirements and recommend plans of action
* Conduct security and risk due diligence related to acquisitions, divestitures & joint ventures
* Provide key inputs and collaboration with various risk/compliance departments including quality control, data integrity, ethics and compliance, cyber security, privacy/legal records management
* Provide subject matter expertise to contract managers, business unit managers, and third-party relationship managers to ensure third party risk management program follows applicable regulations and internal policies
* Help develop, maintain, and publish up-to-date information security policies, standards, and guidelines
* Provide regular reporting on the status of the information security program
* Develop effective disaster recovery policies and standards to align with enterprise business continuity management goals
* Serve as a main point of contact for the Risk Management Group interacting with the Information Security team within the IT function
* Responsible for independent Risk Oversight of Information Security
* Provide guidance and independent effective challenge during functional risk assessments to ensure thorough critical thinking in assessing risks and aligning them with broader operational and enterprise risk assessments
* Ensure that the Information Security team develops and maintains reporting of key risk indicator metrics that provide early warning indicators of impending risks
* Execute a disciplined Issues Management process by ensuring that operational risk issues are reported, escalated and, if necessary, action plans executed
* Ensure compliance with Northwest's policies and procedures, and Federal/State regulations
* Navigate Microsoft Office Software, computer applications, and software specific to the department to maximize technology tools and gain efficiency
* Work as part of a team
* Work with on-site equipment
Education and Experience Required
* Bachelor's Degree in Computer Science, Information Security, or Information Systems
* A minimum of 5 years of experience in banking / risk management
* Extensive knowledge of:
  * Information systems
  * Information Security guidelines and best practices
  * Informational risk assessments