Cybersecurity and Information Technology Risk Manager
First Interstate Bank

If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.

This position is a hybrid work model and may be located at any of the offices within First Interstate Bank's fourteen-state footprint, including Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, North Dakota, Oregon, South Dakota, Washington and Wyoming.

What's Important to You

We know your career is just one aspect of a meaningful, complex, and demanding life. That's why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.

Generous Paid Time Off (PTO) in addition to paid federal holidays.
Student debt employer repayment program.
401(k) retirement plan with a 6% match.

The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve, and why we want YOU to be a part of it.

We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.

SUMMARY

The Cybersecurity and Information Technology Risk Manager is responsible for managing risk governance, oversight, independent assessment, and effective challenge of cybersecurity and information technology risk at the Bank to ensure that cybersecurity and IT-related activities and programs align with overall risk management strategy and regulatory expectations, while reporting to the Director of Enterprise Risk Management within the Office of the Chief Risk Officer. This position will proactively work with partners across all lines of defense, including business units and IT stakeholders in the first line of defense, providing the structure, guidelines, and requirements for managing cybersecurity and IT risk in a streamlined, standardized, and effective manner.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Develops the cybersecurity and IT risk framework; works with key stakeholders across all lines of defense to ensure IT/Infosec risks are appropriately identified, assessed, mitigated, monitored, and reported within established policies and regulatory best practices.
Provides independent assessment and effective challenge of cybersecurity and IT risk management activities.
Ensures that the cybersecurity and IT risk management programs align with the overall risk management strategy.
Oversees the analysis and review of technology-related incidents and their response plans, working with IT leaders and stakeholders to ensure effective and appropriate action plans.
Conducts independent risk assessments and monitors the effectiveness of cybersecurity controls.
Identifies emerging risks and ensures they are communicated to senior management.
Reports on cybersecurity and IT risk exposures to senior management and the board.
Ensures appropriate risk monitoring metrics, clear communication of issues or gaps, and mitigation strategies.
Assesses all outstanding regulatory or audit issues and ensures business-unit-developed remediation plans address identified control gaps or process deficiencies in a timely manner and in accordance with the stated risk appetite.
Assists Risk and IT leaders with enhancing existing risk and control assessment methodologies, as well as identifying development opportunities for new assessments.
Guides stakeholders through the design and reporting of key risk monitoring metrics.
Assists in the effective challenge of inherent and residual risk ratings and leads the identification of and changes to strategies or regulations for assigned business units.
Promotes a risk-aware culture within the organization.
Provides training and resources to enhance cybersecurity and IT risk management capabilities.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

KNOWLEDGE, SKILLS AND ABILITIES

Deep understanding of information security industry frameworks (COSO, NIST, and FFIEC).
Excellent communication and interpersonal skills to interface with enterprise stakeholders.
Strong knowledge of information security frameworks, risk management methodologies, and regulatory requirements.
Proven experience in incident response, threat analysis, and vulnerability management.
Excellent analytical, problem-solving, and decision-making skills.
Strong communication and interpersonal skills, with the ability to effectively convey complex security concepts to non-technical stakeholders.
Leadership experience with a track record of managing and developing high-performing teams.
Extensive knowledge and experience in cybersecurity, sound knowledge of the financial institution landscape, broad understanding of technology and technical process documentation, and knowledge of IT control/procedure identification and information security/privacy banking laws and regulations including Gramm-Leach-Bliley.

EDUCATION AND/OR EXPERIENCE

Bachelor's degree in Cybersecurity, Information Technology, or related field required.
7-9 years' experience in information security, cybersecurity, risk management, and/or equivalent combination of education and experience required.
Experience within the financial services industry preferred.

LICENSES AND CERTIFICATIONS

CRISC – Certified in Risk and Information Systems Control – Enterprise IT risk management, including identifying, evaluating, and managing risks, and designing and implementing information system controls preferred.
CISM – Certified Information Security Manager – information security management, including governance, risk management, program development and management, and incident management preferred.
CISSP – Certified Information Systems Security Professional – information security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security preferred.

PHYSICAL DEMANDS AND WORKING ENVIRONMENT

The physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job. In compliance with the Americans with Disabilities Act, the company provides reasonable accommodation to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.

Dexterity of hands/fingers to operate computer keyboard and mouse – Frequently
Lifting – Occasionally (up to 50 lbs)
Sitting – Frequently
Standing – Occasionally
Noise Level – Moderate
Typical Work Hours – M-F (8-5)
Regular and Predictable Attendance – Required

Travel is not required but may be encouraged on a quarterly basis to attend key stakeholder meetings.

COMPENSATION & BENEFITS

We offer a competitive total compensation package including base salary and benefits. The anticipated pay range for this position is $133,695 to $220,596 per year (in CO & WA), and depends on a… For full info follow application link.

Our company is an equal opportunity employer. Employment here is based solely upon an individual's merit and qualifications directly related to the position. We do not discriminate on the basis of race, color, religion, national origin, ancestry, pregnancy status, sex, age, marital status, disability, medical condition, or any other characteristics protected by law. We make all reasonable accommodations to meet the obligations set forth under the Americans with Disabilities Act (ADA) and state disability laws.