- If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.
This position is a hybrid work model and may be located at any of the offices within First Interstate Bank's fourteen state footprint, including Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, North Dakota, Oregon, South Dakota, Washington and Wyoming.
What’s Important To You
We know your career is just one aspect of a meaningful, complex, and demanding life. That’s why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.
- Generous Paid Time Off (PTO) in addition to paid federal holidays.
- Student debt employer repayment program.
- 401(k) retirement plan with a 6% match.
- The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve, and why we want YOU to be a part of it.
We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.
Summary
The Cybersecurity and Information Technology Risk Manager is responsible for managing risk governance, oversight, independent assessment, and effective challenge of cybersecurity and information technology risk at the Bank, ensuring that cybersecurity and IT-related activities and programs align with the overall risk management strategy and regulatory expectations. The role reports to the Director of Enterprise Risk Management, within the Office of the Chief Risk Officer. This position will proactively work with partners across all lines of defense, including business units and IT stakeholders in the first line of defense, providing the structure, guidelines, and requirements for managing cybersecurity and IT risk in a streamlined, standardized, and effective manner.
Essential Duties And Responsibilities
- Develops the cybersecurity and IT risk framework; works with key stakeholders across all lines of defense to ensure IT/Infosec risks are appropriately identified, assessed, mitigated, monitored, and reported within established policies and regulatory best practices.
- Provides independent assessment and effective challenge of cybersecurity and IT risk management activities.
- Ensures that the cybersecurity and IT risk management programs align with the overall risk management strategy.
- Oversees the analysis and review of technology related incidents and their response plans, working with IT leaders and stakeholders to ensure effective and appropriate action plans.
- Conducts independent risk assessments and monitors the effectiveness of cybersecurity controls.
- Identifies emerging risks and ensures they are communicated to senior management.
- Reports on cybersecurity and IT risk exposures to senior management and the board.
- Ensures appropriate risk monitoring metrics, clear communication of issues or gaps, and mitigation strategies.
- Assesses all outstanding regulatory or audit issues and ensures business unit developed remediation plans address identified control gaps or process deficiencies in a timely manner and in accordance with the stated risk appetite.
- Assists Risk and IT leaders with enhancing existing risk and control assessment methodologies, as well as identifying development opportunities for new assessments.
- Guides stakeholders through the design and reporting of key risk monitoring metrics.
- Assists in the effective challenge of inherent and residual risk ratings and leads the identification of and changes to strategies or regulations for assigned business units.
- Promotes a risk-aware culture within the organization.
- Provides training and resources to enhance cybersecurity and IT risk management capabilities.
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Knowledge, Skills And Abilities
- Deep understanding of information security industry frameworks (COSO, NIST, and FFIEC).
- Excellent communication and interpersonal skills to interface with enterprise stakeholders.
- Strong knowledge of information security frameworks, risk management methodologies, and regulatory requirements.
- Proven experience in incident response, threat analysis, and vulnerability management.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong communication and interpersonal skills, with the ability to effectively convey complex security concepts to non-technical stakeholders.
- Leadership experience with a track record of managing and developing high-performing teams.
- Extensive knowledge and experience in cybersecurity, sound knowledge of the financial institution landscape, broad understanding of technology and technical process documentation, and knowledge of IT control/procedure identification and information security/privacy banking laws and regulations including Gramm Leach Bliley.
Education And/Or Experience
- Bachelor's Degree in Cybersecurity, Information Technology, or related field required
- 7-9 years of experience in information security, cybersecurity, risk management, and/or equivalent combination of education and experience required
- Experience within the financial services industry preferred
LICENSES AND CERTIFICATIONS
- CRISC - Certified in Risk and Information Systems Control - Enterprise IT risk management, including identifying, evaluating, and managing risks, and designing and implementing information system controls preferred
- CISM - Certified Information Security Manager - information security management, including governance, risk management, program development and management, and incident management preferred
- CISSP - Certified Information Systems Security Professional - information security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security preferred
PHYSICAL DEMANDS AND WORKING ENVIRONMENT
The physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job. In compliance with the Americans with Disabilities Act, the company provides reasonable accommodation to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.
- Dexterity of hands/fingers to operate computer keyboard and mouse - Frequently
- Lifting - Occasionally (up to 50 lbs)
- Sitting - Frequently
- Standing - Occasionally
- Noise Level - Moderate
- Typical Work Hours - M-F (8-5)
- Regular and Predictable Attendance - Required
- Travel is not required but may be encouraged on a quarterly basis to attend key stakeholder meetings.
Compensation & Benefits
We offer a competitive total compensation package including base salary and benefits. The anticipated pay range for this position is $133,695 to $220,596 per year (in CO & WA), and depends on a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills and experience, education, and geographic location. Additionally, this role is eligible to receive annual discretionary cash and stock bonuses. Benefits available for this position include, but are not limited to, medical, dental, vision, short-term and long-term disability benefits and life insurance, flexible spending accounts, health savings account, employee assistance program, 401(k), Paid Time Off (new hires accrue at .069 per hour worked, which equates to approximately 18 days per year inclusive of paid sick time) and up to 11 paid Federal holidays. Please note this information is provided for those hired in Colorado and Washington only, and this role is open to candidates outside of Colorado and Washington with compensation that aligns with your location. For more information regarding our benefits, please visit https://www.firstinterstatebank.com/company/about/employee-benefits.php.