Company: First United Bank

Address: McKinney, TX
Form of work: Full-Time
Category: Information Technology

Job description

Join Our Team!
We have a great team of friendly, talented and inspiring people at First United. As a learning organization, we take pride in offering exciting opportunities for employees to grow and follow their passions. That's one of the many reasons First United has been voted as one of the top places to work in Oklahoma since 2009! Browse this page to find out more about the First United culture and the many benefits of working here. Then, use our "Get Started" section to take your first step to being a part of First United.
The Position
Job Title
IT Security GRC Lead
Job Description
SUMMARY
We are looking for an IT Security Governance Risk Compliance (GRC) Lead to join the Enterprise Information Security Office in a second line of defense capacity. This individual will support the execution of IT Risk and Control Self-Assessments (RCSAs) and the maintenance of the IT risk and control catalogue, and will advise business units on the maturation of technology and cybersecurity controls to align with changing risks and regulatory requirements. Additionally, this individual will own and mature the Cybersecurity training program across business operations and information technology.
This individual will work under the guidance of a manager with limited direction and should have a self-starter mindset. This individual will collaborate heavily across first and second lines of defense in Information Technology and Information Security in a team-of-teams environment. They will have direct exposure to senior levels of management and should be adept in communicating regulatory and compliance matters.
A successful candidate will have a wide range of audit, regulatory, or hands-on technical experience that allows them to translate regulatory and compliance requirements to the continually evolving technology landscape. They will have experience in financial services and a good understanding of regulatory and compliance requirements for financial institutions. Their experience will allow them to immediately help mature practices related to data loss prevention, cybersecurity training and culture, RCSAs, hybrid cloud, and identity and access management (IAM).
This role is an exciting opportunity to mature information technology and cybersecurity control processes in a growing and stable organization, as well as to train and educate personnel on all things cybersecurity using leading platforms and tools. This role reports directly to the Technology Risk and Control Manager and will work closely on executing the overall agenda of the Enterprise Information Security Office, Enterprise Risk Management, and Information Technology.
MAJOR DUTIES AND RESPONSIBILITIES (ESSENTIAL FUNCTIONS)
  • Support/Own the definition and maintenance of the technology risk and control environment.
  • Assess the effectiveness of technology controls against requirements and policy statements.
  • Support and co-ordinate responses to Regulator & Customer requests for information on control practices
  • Analyze and report on compliance of cyber and technology controls against LoB (Lines of Business), Firmwide and Regulatory Standards
  • Consult on technical security and regulatory compliance matters with IT Services teams.
  • Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment.
  • Support/Own reporting products used to ensure stakeholders are kept apprised of the performance of the technology control environment.
  • Validate that business Key Risk Indicators are accurately captured & included in prioritization activities.
  • Familiarity with information security training & education program management.

Skills/Qualifications:
  • An understanding of Enterprise Risk Management practices in a technical environment
  • Broad understanding of cybersecurity and technology control practices and frameworks
  • Experience performing or supporting regulatory and compliance assessments for financial institutions
  • Experience supporting and maturing cybersecurity processes and programs in areas including but not limited to data loss prevention, identity and access management, cybersecurity training and culture, and hybrid cloud.
  • Technical and operational understanding of financial services regulations.
  • Self-motivated and explorative mindset with a strong desire for continual learning and growth.
  • Ability to operate on multiple tasks whilst still achieving high delivery standards.
  • Technical understanding of enterprise technology stacks both on-prem and hybrid cloud.
  • CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), CCSP (Certified Cloud Security Professional), Cloud Architect certification, Certified Information Systems Auditor (CISA), former PCI Qualified Security Assessor (QSA) or other similar certifications

Additional Duties and Responsibilities
  • Assist all company employees and customers in a prompt, professional, and courteous manner.
  • Adhere to company security practices according to policy and adopted security framework.
  • Uphold system and application hardening procedures.
  • Comply with all banking regulations and legal statutes.
  • Document records accurately.
  • Maintain confidentiality of company and customer information.
  • Adherence to all First United Policies and Procedures
  • Complete all required compliance exams on an annual basis
  • Perform other duties as assigned

EMPLOYEE SPECIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Education and Work Experience
  • Master's or other advanced degree (MBA, cybersecurity, information assurance, computer science, etc.) preferred but not required.
  • Bachelor's degree in business administration, information assurance or related technical field.
  • 5-7 years of related experience in Information Security, IT audit, and/or IT risk management including FFIEC regulations, NIST standards, cloud security standards and frameworks, GLBA standards and cybersecurity frameworks.
  • 5+ years of related project management experience in IT and Information Security or related field

Knowledge and Skills Requirements
  • Collaboration with internal operation departments, regulating entities, IT teams, Risk Management, 3rd party contractors and consultants, internal and external audit groups, and management.
  • Experience with GRC platforms.
  • Self-starter requiring minimal supervision.
  • Strong written and verbal communications.
  • Analytical and problem-solving mindset, efficient in approach to solution delivery.
  • Demonstrated strategic and tactical skills, highly organized, with strong decision-making and business acumen.
  • Moderate security framework and standard implementation (ISO, NIST, ITIL, etc.).
  • Knowledge of programming and scripting language applications.
  • Microsoft Office Suite and Visio proficiency.
  • People skills requisite to work with business units, system engineers, & management.
  • Good verbal communication and writing skills.
  • Strong attention to detail.
  • Ability to work independently and as a team member.
  • Ability to prioritize tasks and manage projects.

Physical Activities and Environmental Conditions
Frequency Key
• (N) Never/Rarely - less than 1/3 of the time
• (O) Occasionally - 1/3 to 2/3 of the time
• (C) Constantly - 2/3 or more of the time
Physical Activities (Task: Frequency)
  • Ascending or descending ladders, stairs, scaffolding, ramps, poles, and the like: N
  • Moving self in different positions to accomplish tasks in various environments including tight and confined spaces: N
  • Remaining in a stationary position, often standing, or sitting for prolonged periods: C
  • Moving about to accomplish tasks or moving from one worksite to another: O
  • Communicating with others to exchange information: C
  • Repeating motions that may include the wrists, hands and/or fingers: C
  • Operating machinery and/or power tools: N
  • Operating motor vehicles or heavy equipment: N
  • Assessing the accuracy, neatness and thoroughness of the work assigned: C

Environmental Conditions (Condition: Frequency)
  • Low temperatures: N
  • High temperatures: N
  • Outdoor elements such as precipitation and wind: N
  • Noisy environments: N
  • Hazardous conditions: N
  • Poor ventilation: N
  • Small and/or enclosed spaces: N
  • No adverse environmental conditions expected: C

Physical Demand
Light work that includes moving objects up to 20 pounds.
NOTE:
This job description is not intended to be all-inclusive. Employee may perform other related duties as assigned by supervisor to meet the ongoing needs of the organization.
All Locations:
McKinney
If any applicant is unable to complete an application or respond to a job opening because of a disability, please email us at HR@firstunitedbank.com for assistance.
First United is an Equal Opportunity Employer. To the extent required by Federal or State law, First United does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, or any other characteristic protected by law.
Refer code: 8684680. First United Bank - The previous day - 2024-03-22 17:04
