Manager It Security Risk & Controls

Under the direction of the Manager, responsible for the maintenance of the Information Security governance, risk, and compliance program and related policies. This position will lead and manage the design, build and identification of information Security Risks, improvement of information security awareness through education and training, and management of the Information Security and ID Theft program. Provides subject matter expertise in area of risk management methodology, security awareness, information technology (IT) controls management, and compliance management; seeking ways to continuously improve function to ensure strong security posture. Assists in business units compliance with applicable laws, regulations, regulatory requirements and Bank policies and procedures, including but not limited to those related to Gramm-Leach-Bliley, Fair Banking, Anti-Money Laundering laws and regulations, Bank Secrecy Act, and USA PATRIOT Act.

Responsibilities

IT Risk Management

• Leads and manages the information Security Risk management program, ensuring the identification, tracking, and timely remediation of information security related risk issues.
• Serves as the lead central point of contact and subject matter expert in area of information Security Risk management methodology and practice. Works closely with bank business units to ensure management of information Security Risk issues, including operation and vendor risk associated with acquisition of new technologies.
• Drives operational excellence by establishing and maintaining procedures, standards, and operational workflows, seeking continuous improvement opportunities, and ensuring effective management reporting. Oversees planning and recommendations of changes based on new or changing business requirements or evolving technology.
• Leads and manages information security and corporate technology governance program, ensuring policies and applicable procedures are complete and comprehensive, that new governance requirements are addressed, and that governance is kept up-to-date.
• Leads IT controls and compliance functions. Ensures coordination of annual internal audits, cybersecurity tabletop exercises, regulatory examinations, and alignment with Corporate Compliance function. Supervises team members to ensure adherence to corporate policy, regulatory requirements, and accepted best practices.
• Manages the security awareness program, ensuring that all employees and contractors understand the bank s information security program and policies. Meets with business units and information security coordinators to ensure specific business needs are understood and addressed. Administers testing and remediation tracking as needed.

Leadership

• Responsible for the management of all employees in the section including staffing and scheduling, compensation, performance management, training and development. Responsible for the timely and effective management of Human Resources forms and documents relevant to immediate staff. Leads the team by inspiring engagement and increasing the capabilities of others to optimize business results.
• Actively mentor and train teammates on Information Security processes, governance, and frameworks.
• Works cross-functionally with team members to support and drive a collaborative team environment.
• Generates innovative ideas and challenge the status quo.
• Establishes team goals and works with direct reports on strategies for executing and measuring process.

Subject Matter Expertise

• Maintains a strong understanding of the products, services, and activities of business units as well as Information Security principles and practices. Leverages that understanding to provide consulting, guidance, and education to stakeholders.
• Understands regulatory requirements related to client s portfolio, and represents IT risk management during internal, customer, or regulatory audits/assessments.
• Assists in the selection and tailoring of approaches, methods and tools to support service offering or industry projects.
• Demonstrates a general knowledge of market trends, competitor activities, as they align with client s strategic direction.
• Builds and nurtures positive working relationships across the bank with the intention of enabling agility, cost effectiveness and delivery as they support our customer experience goals and initiatives.

Miscellaneous

• Performs other miscellaneous responsibilities and duties as assigned.
• This position requires use of a personal computer and other standard office equipment.

Qualifications:

• Education: Bachelor s degree from an accredited institution or equivalent work related experience.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH), Project Management Professional (PMP), and/or SANS Global Information Assurance Certification (GIAC) certifications (or equivalent) preferred.
• Minimum 7 to 8 years of increasingly responsible positions in information security/ information technology, risk management, IT control design and management, and/or financial services compliance-related work experience with all levels of technical professionals and management.
• Minimum 4 years of team leadership/supervisory/management experience supervising and mentoring technical professionals.
• Ability to problem solve and identify solutions to information Security Risks appropriately based on business context and risk significance.
• Experience in developing new risk and/or compliance and auditing management functions and capabilities within large, complex environments.
• Proven track record of cross-functional collaboration, especially in building a security-first culture focused on enabling business needs.
• Demonstrated proficiency and expertise with personal computers in a networked environment and Microsoft applications (Outlook, Word, Excel, Access, and PowerPoint) or similar software. Knowledge of or ability to use Bank software and systems.

Other Qualifications:

• Utilize strong verbal and written communication skills across all levels of the organization.
• Ability to express complex ideas in concise and simple terms.
• Strong project management and organizational skills required to execute and complete projects on time. Ability to simultaneously manage multiple projects and assignments with varying deadlines.
• Possess strong analytical, quantitative, and problem solving skills to identify business and process improvement opportunities and risks, implement procedural change, and establish internal controls.
• Ability to build strong working relationships and partnerships across organization with a collaborative and consultative approach.
• Effective interpersonal skills and collaborative management style to include teamwork, team building, conflict management, negotiating and problem solving skills.
• Able to work flexible hours including holidays, weekends and evenings as needed

• Hybrid schedule: 2 days onsite required in Honolulu office
• Salary Range: $125-135k/yr. (based on experience)