
Manager of Technology Risk at Ent Credit Union

Ent Credit Union · Colorado Springs, United States of America · Onsite

US$105,435.00 - US$116,708.00

Company Description:

Ent Credit Union exists to improve the financial quality of life of the people we serve. This mission drives us every day, but we are more than our mission. We're also individuals using our unique abilities to make our organization, and the communities we serve, better than they were yesterday. We're a not-for-profit that puts people above profits and actively invests in our community. Our rapidly growing team is expanding our reach to serve more people throughout Colorado. To spread our mission far and wide, we need people like you. If you're interested in a paycheck with a purpose, apply with us today. Our people make the difference, and we truly believe you are our greatest asset.

Job Description:

The Manager of Information and Technology Risk supports the Director of Business and Technology Risk by leading a team in the development, implementation, and maintenance of an enterprise-wide Technology Risk Management program, aligning with the Information Security Policy (ISP) and organizational objectives. This role establishes robust frameworks and governance for the First Line of Defense, manages technology risk assessments, and performs Second Line of Defense controls testing, providing thought leadership and consultative advice to ensure effective integration of risk practices across all business units. Collaborating closely with IT, InfoSec, and business leaders, the manager enhances risk and control initiatives and fosters a risk-aware culture. Through these comprehensive efforts, the Mgr-Technology Risk not only enhances regulatory compliance and audit preparedness but also strengthens the credit union's defenses against technology-related risks.

Essential Functions

  • Technology Risk Program Management: Lead the inventory and understanding of existing key technology processes, risks, and internal controls within Ent's GRC platform (Archer), ensuring alignment with organizational environments and standards. Conduct and document process walkthroughs to define technology processes and identify key control activities, ensuring management self-assesses its key inherent technology risks and control activities effectively. Design and perform Second Line of Defense controls testing activities to determine whether First Line of Defense controls are in place and operating effectively. Act as a consultant to the business units for the implementation of technology changes, ensuring risk considerations are integrated and compliance standards are met. Oversee the evaluation of risk implications for new technology implementations and changes, ensuring robust compliance monitoring and reporting aligned with the Information Security Policy (ISP). Draft and present Risk and Control Matrices (RCMs) for key technology risks and mitigating controls to business line management for review and approval. Coordinate with business line management to review, update, and approve RCMs, including memorializing and retaining evidence of approval.
  • Technology Risk Monitoring and Strategy Implementation: Design and maintain comprehensive risk dashboards/reports for senior management, the Enterprise Risk Management Committee (ERMC), and the Board of Directors, highlighting key technology risks, mitigation efforts, and trends. Develop and refine technology risk mitigation strategies, advising IT and business units to ensure practical and sustainable risk controls during business-as-usual, strategic planning, and key change management efforts. Provide strategic advice on policy development and compliance, helping to shape policies that mitigate risks effectively and align with organizational goals. Assist business lines in drafting program documentation (e.g., procedures, reporting, training) that reflects approved technology risks and controls, enhancing partnerships between risk management and operational teams. Leverage prior knowledge, testing, and experience gained from roles and results of engagements previously performed by Internal Audit and other assurance and advisory service providers to refine technology risk processes.
  • Staff Development and Team Leadership: Develop and implement training programs to enhance team capabilities in technology risk management, ensuring alignment with industry-recognized standards and certifications. Provide ongoing feedback and coaching, set goals, and monitor performance to foster a skilled and knowledgeable risk management team. Lead advisory sessions to disseminate best practices and innovative risk management strategies across the organization. Develop training plans to satisfy required internal training requirements and professional development through industry-recognized certifications. Provide ongoing feedback and coaching through all phases of process inventory, risk and control identification, and test procedure development.
  • Teamwork and Collaboration: Foster inter-departmental collaboration by participating in technology projects to ensure risk considerations are integrated from the outset. Support a culture of risk awareness and proactive risk management, sharing insights and best practices across the organization. Offer consultative support during cross-departmental projects, ensuring seamless integration of risk management practices. Coordinate with other team members to ensure a thorough understanding of the subject matter and to solicit feedback. Complete training as directed by management; ensure staff complete training as directed by management.
  • Audit Support and Regulatory Compliance: Support audit activities and examinations in collaboration with Internal Audit and regulatory bodies to ensure compliance with technology risk frameworks. Leverage audit findings to provide advisory insights and recommend enhancements to the technology risk framework. Partner with Internal Audit to develop a process to place more reliance on the Second Line of Defense activities, e.g., continuous auditing and continuous monitoring (CACM), to support the completion of their annual audit plan. Interface with regulators during examinations.
  • Bank Secrecy Act: Remains cognizant of and adheres to Ent policies and procedures, and regulations pertaining to the Bank Secrecy Act.
Qualifications:

Minimum Formal Qualifications for this Position

 

  • Bachelor's Degree in: Risk, Information Technology, IT Security, Computer Science, Information/Network Security, or another related field.
  • 7+ years of experience related to IT Security, IT Risk, or Information Security performing compliance, testing, monitoring, or similar risk management activities. Required
  • 2+ years' team leadership or management experience. Required
  • 5+ years' financial industry experience. Preferred


Technical or Specialized Knowledge/Skills:

 

 

  • Knowledge of multiple security specialties and technical platforms along with strong understanding of the technical architecture of the organization.
  • Understanding diverse security practices along with IT risk management concepts and applying them effectively when developing security solutions.
  • Knowledge of networking and telecommunications, securing technical platforms such as Windows, Cisco, VMWare, Public Cloud (Azure, AWS, etc.), secure server and workstation deployment, and support.
  • Knowledge of IT systems/data security controls to include but not limited to firewalls, IPS/IDS, SIEM, and other security device platforms.
  • Knowledge of regulations and best practices for technical deployments specific to the financial industry, disaster recovery/business resumption techniques, secure coding and application design, packet analysis, and forensic tools.
  • Knowledge of data standards (both data exchange and storage).
  • Knowledge of industry regulations and best practices such as PCI, GLBA, FFIEC, NIST, ISO 27000, HIPAA, OWASP, SSAE 18, SOC 2, and the Cloud Security Alliance.
  • Knowledge of Systems Development Lifecycle (SDLC) best practices.
  • Leadership skills and the ability to interface with all levels (executive to entry level).
  • Verbal, written, and interpersonal skills to interact with associates at all levels of responsibility, along with the ability to communicate with tact and diplomacy.
  • Organizational skills and attention to detail.
  • Problem-solving and analytical skills able to quickly digest issues/problems encountered and recommend an appropriate solution.
  • Demonstrated knowledge of risk management principles.
  • Ability to create and deliver professional presentations.
  • Ability to proactively identify potential concerns and follow up to resolve issues.
  • Detail oriented with strong critical thinking, analytical skills and effective analysis of data.
  • Technical knowledge of insurance forms and industry best practices.
  • Ability to multi-task and adhere to sensitive deadlines.


Certifications Required:

 

 

  • Certified in Risk and Information Systems Control (CRISC) within 1 Year required


Environmental, Physical and Psychological Requirements

 

 

  • Standing - Occasionally
  • Walking - Occasionally
  • Sitting - Frequently
  • Lifting - Rarely (40 Lbs)
  • Carrying - Rarely
  • Pushing - Rarely
  • Pulling - Rarely
  • Balancing - Rarely
  • Stooping - Rarely
  • Kneeling - Rarely
  • Crouching - Rarely
  • Crawling - Rarely
  • Reaching - Occasionally
  • Handling - Occasionally
  • Grasping - Occasionally
  • Feeling - Occasionally
  • Talking - Frequently
  • Hearing - Frequently
  • Repetitive Motions - Frequently
  • Eye/Hand/Foot Coordination - Occasionally
  • Noises louder than normal speaking volume - Occasionally
  • Temperature Changes - Rarely
  • Atmospheric Conditions - Rarely

 

Additional Information:

The pay range for this position is: $105,435 to $116,708 per Year (S17)

Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, and internal pay equity.

This position is eligible for our corporate bonus program based on company performance.

Benefits Summary Sheet

At Ent Credit Union, we offer a comprehensive benefits package, including:
 

  • Health Benefits: Affordable insurance, 24/7 doctor access, and a nationwide provider network.
  • 401(k): 3% automatic contribution after three months, plus up to 6% matching.
  • Paid Time Off: During your first year, enjoy 16 days of paid time off (PTO) plus 9 paid holidays. And it grows from there.
  • Volunteer Time Off: Paid time off to give back to the community.
  • Education Support: Up to $10,000 annually for higher education and assistance for certifications.
  • Exclusive Discounts: Significant savings on home, car, and personal loans.

    For more information about our outstanding benefits please visit our careers page at www.ent.com/careers.

    We anticipate this position to close on 10/08/2025. Please submit your application at your earliest convenience to be considered.

    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.

    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
     