Job Information
First Interstate BancSystem Cybersecurity and Information Technology Risk Manager in Spokane, Washington
If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.

This position is a hybrid work model and may be located at any of the offices within First Interstate Bank's fourteen-state footprint, including Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, North Dakota, Oregon, South Dakota, Washington and Wyoming.

What's Important to You

We know your career is just one aspect of a meaningful, complex, and demanding life. That's why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.

Generous Paid Time Off (PTO) in addition to paid federal holidays.
Student debt employer repayment program.
401(k) retirement plan with a 6% match.

The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve, and why we want YOU to be a part of it.

We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.

SUMMARY

The Cybersecurity and Information Technology Risk Manager is responsible for managing Risk governance, oversight, independent assessment, and effective challenge of cybersecurity and information technology risk at the Bank to ensure that cybersecurity and IT related activities and programs align with overall risk management strategy and regulatory expectations while reporting to the Director of Enterprise Risk Management, within the Office of the Chief Risk Officer. This position will proactively work with partners across all lines of defense including business units and IT stakeholders in the first line of defense, providing the structure, guidelines, and requirements for managing cybersecurity and IT risk in a streamlined, standardized, and effective manner.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Develops the cybersecurity and IT risk framework; works with key stakeholders across all lines of defense to ensure IT/Infosec risks are appropriately identified, assessed, mitigated, monitored, and reported within established policies and regulatory best practices.

Provides independent assessment and effective challenge of cybersecurity and IT risk management activities.

Ensures that the cybersecurity and IT risk management programs align with the overall risk management strategy.

Oversees the analysis and review of technology related incidents and their response plans, working with IT leaders and stakeholders to ensure effective and appropriate action plans.

Conducts independent risk assessments and monitors the effectiveness of cybersecurity controls.

Identifies emerging risks and ensures they are communicated to senior management.

Reports on cybersecurity and IT risk exposures to senior management and the board.

Ensures appropriate risk monitoring metrics, clear communication of issues or gaps, and mitigation strategies.

Assesses all outstanding regulatory or audit issues and ensures business unit developed remediation plans address identified control gaps or process deficiencies in a timely manner and in accordance with the stated risk appetite.

Assists Risk and IT leaders with enhancing existing risk and control assessment methodologies, as well as identifying development opportunities for new assessments.

Guides stakeholders through the design and reporting of key risk monitoring metrics.

Assists in the effective challenge of inherent and residual risk ratings and leads the identification of and changes to strategies or regulations for assigned business units.

Promotes a risk-aware culture within the organization.

Provides training and resources to enhance cybersecurity and IT risk management capabilities.

QUALIFICATIONS

To perform this job successfully, an individual mus