Chief Information Security & Privacy Officer - Thrivent Bank In Formation
$130,210 - $176,167/Yr
Thrivent - Salt Lake City, UT
posted 5 days ago
Full-time - Senior
Salt Lake City, UT
251-500 employees
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
About the position
The Chief Information Security & Privacy Officer at Thrivent Bank is a pivotal role responsible for overseeing all assurance activities related to the security and privacy of customer and business information. This individual contributor position involves establishing a comprehensive information security and privacy management program, ensuring compliance with relevant policies and regulations, and collaborating with executive management to assess acceptable risk levels. The role is crucial for protecting the organization's information assets and guiding the company towards effective risk management practices.
Responsibilities
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work directly with business units to facilitate risk assessment and risk management processes including annual information security, cybersecurity, and GLBA risk assessments.
- Develop and enhance an information security management framework.
- Ensure consistent application of policies and standards across all technology projects, systems, and services through committee interactions.
- Provide leadership to the enterprise's information security organization.
- Raise awareness of risk management concerns among business stakeholders across the company.
- Assist with overall business technology planning, providing current knowledge and future vision of technology and systems.
- Develop and maintain information security and privacy policies and procedures in accordance with industry standards and applicable laws and regulations.
- Work with cross-functional teams to ensure the privacy and security of all data collected, stored, or transmitted by the organization.
- Manage and investigate security incidents and privacy breaches to ensure compliance and identify areas for improvement, coordinating breach response activities.
- Stay updated with industry best practices and changes in laws and regulations related to information security, cybersecurity, disaster recovery, and privacy.
- Oversee third-party service providers that provide information-security related services including network, email, and VPN applications and services.
- Conduct periodic phishing tests for Bank employees.
- Support the Banks third-party risk management program by reviewing SOC I/II reports for critical/high risk suppliers.
- Oversee and coordinate with Information Technology Operations staff on the execution of 1st line of defense information security responsibilities.
Requirements
- Experience working in an ILC chartered institution preferred.
- Degree in business administration or a technology-related field required.
- Professional security management certification such as CISSP, CISA, CISM, or CRISC preferred.
- Minimum of eight to twelve years of experience in risk management, information security, and IT jobs.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience in Cybersecurity risk principles and frameworks.
- Specific experience in Agile (scaled) software development or other best in class development practices.
- Experience with Cloud computing/Elastic computing across virtualized environments.
- Experience with PCI DDS.
- Strong analytical and problem-solving skills.
Nice-to-haves
- Certification in privacy management or compliance (CRCM) preferred.
Benefits
- Various bonuses (including annual or long-term incentives)
- Medical, dental, and vision insurance
- Health savings account
- Flexible spending account
- 401k
- Pension
- Life and accidental death and dismemberment insurance
- Disability insurance
- Supplemental protection insurance
- 20 days of Paid Time Off each year
- Sick and Safe Time
- 10 paid company holidays
- Volunteer Time Off
- Paid parental leave
- EAP
- Well-being benefits
- Other employee benefits
