Information Security Manager chez FINWISE BANK

Description

• This position will be in office at our Murray, Utah location.

FinWise Bank is a commercial institution located in Murray, Utah that offers exceptional products in a manner that continually surpasses expectations. Information Security is a vital part of the Bank’s structure, and the Risk and Compliance Division supports the Bank in these efforts. The Information Security Manager will work closely with the VP, Information Security Officer (ISO) to promote Information Security standards, controls, and best practices across the Bank. This role will be responsible for  monitoring the security posture of Strategic Partners, conducting due diligence reviews of third parties with access to the Bank’s sensitive data. This role will also have oversight activities of the Information Technology Division. This will be accomplished by monitoring security measures for the protection of computing networks and data delivery systems used throughout the Bank.

Tasks:

• Serve as the primary point of contact between the Bank and assigned Strategic Partners for all matters related to Information Security.
• Provide visibility to the ISO about the security posture of assigned Strategic Partners.
• Monitor that assigned Strategic Partners are providing expected oversight documentation.
• Escalate all assigned Strategic Partner issues to the ISO.
• Participate in annual virtual or onsite visits of assigned Strategic Partners.
• Review policies, plans, procedures, security assessments, monitoring alerts, architectural diagrams, testing results, and audits from assigned Strategic Partners to ensure compliance with applicable banking regulations using a risk-based approach.
• Develop strong and collaborative professional relationships with Program Management, Vendor Management, IT teams at FinWise Bank as well as counterparts at Strategic Partners.
• Review and assess the security posture of third parties by evaluating submitted evidence and requesting additional documentation when appropriate.
• Create, modify, and enhance Information Security procedures and provide them to the ISO for review and approval.
• Execute assigned Information Security tasks in a timely manner.
• Escalate observed security issues, control gaps, or deficient third parties to the ISO.
• Complete user access reviews of assigned Bank systems.
• Conduct clean desk reviews at Bank premises.
• Conduct investigations of security incidents leveraging the Bank’s security tools.
• Ensure that security incidents associated with the Bank, third parties, or Strategic Partners are documented.
• Other duties as assigned.

Knowledge, Skills, and Abilities:

• Manage concurrent activities with tight deliverables and a strong attention to detail.
• Ability to handle highly confidential information and material in a professional manner.
• Ability to communicate technical information in a manner comprehensible by individuals at varying degrees of experience and skill levels.
• Outstanding technical security background as well as thorough understanding of relevant risk mitigation and technical controls following industry best practices from NIST, CIS, etc.
• Direct experience with controls related to Information Security as defined by the FFIEC, FDIC, GLBA, SEC, SOX, PCI-DSS.
• Demonstrate and apply a thorough understanding of Third-Party Risk Management, with specific focus on cyber security, data protection, business resiliency, and other security risks associated with the use or technology (e.g.: cloud, API, IT infrastructure, external audits, BCP/DR, and operational security functions).
• Ability to assess and review third-party audit evidence from Strategic Partners such as: SOC reports, Penetration Testing reports, ITGC audit reports, PCI DSS SAQ/AOC/ROC, cyber insurance policies, etc.
• Ability to evaluate and present clear business and technology recommendations to assigned Strategic Partners considering threats, vulnerabilities, risks, and Bank needs.
• Ability to remain aware of current security threats, trends, and topics to support the security posture of the Bank and Strategic Partners.
• Self-motivation and eagerness to learn.
• Excellent written and verbal communication skills.

Qualifications

Required Education / Experience / License:

• BA/BS in a related subject (or equivalent professional experience)
• 3+ years of experience in Information Security
• 1+ years of experience in the financial services industry
• At least one entry-level security certification (e.g.: Security+, CCOA, SSCP, etc.)

Preferred Education / Experience / License:

• Master’s degree in a related subject
• At least one intermediate-level security certification (e.g.: CySA+, CISA, CCSP, etc.)
• At least one advanced-level security certification (e.g.: CASP+, CISM, CISSP, etc.)

Minimum Essential Requirements:  

• Sit or stand at a computer for extended periods of time and look at a computer screen for several hours a day.
• Work at an assigned FinWise office location.
• Communicate with others in person, on the phone, virtual meeting, and email.
• Maintain confidentiality.
• Lift 20 lbs.
• Maintain regular and punctual attendance.
• Work overtime as assigned.
• Travel overnight as required.
• Work cooperatively with others.
• Driving during the workday.
• Comply with all company policies and procedures.

Background checks are required on all Bank employees due to the accessibility of Personally Identifiable Information.

AAP/EEO Statement

FinWise is an equal opportunity employer and dedicated to diversity and inclusion in the workplace. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender identity, sexual orientation, age, marital status, pregnancy status, veteran status, or disability status.

FinWise provides reasonable accommodations to the known disabilities of individuals in compliance with the Americans with Disabilities Act. For accommodation information or if you need special accommodations to complete the application process, please contact the Human Resources Department at (801) 545 - 6041.

Qualified applicants with criminal history and conviction records will be considered in accordance with legal requirements.