Job posting has expired

Manager, Cyber Security Risk & Compliance

BOK Financial
United States, Oklahoma, Tulsa
101 East 2nd Street
October 04, 2022

Req ID: 69583

Job Location: Tulsa, OK

Areas of Interest: Information Security

Headquartered in Tulsa, Oklahoma, BOK Financial Corporation (NASDAQ: BOKF) is a top 25 U.S.-based financial services holding company with operations in ten states: Oklahoma, Texas, Arkansas, Arizona, Colorado, Kansas/Missouri, New Mexico, Nebraska and Wisconsin. The company began more than 100 years ago in Tulsa and has successfully diversified into a variety of industries, businesses and geographies.

Bonus Type: Discretionary

Summary

If you are looking for a career that combines a passion for innovation, an opportunity for growth, and a culture of teamwork, then you've come to the right place. We have an exciting leadership opportunity awaiting someone like you!

About the Role

This highly visible role will lead a group of security consultants/analysts in the delivery of the Security Risk Management services and products for the Bank.

You will manage complex processes related to the assessment of information security and cyber threat risks to BOK Financial technology-based information, systems, applications and computing infrastructure.

You will serve as the Subject Matter Expert on risk assessment methodology, assessment facilitation with risk owners and information security regulatory requirements. You will also possess knowledge of cyber threat risk mitigation controls and protection practices within BOK Financial and the financial services industry sector.

You will ensure the Security Risk Management program is effectively integrated into the Information Security Management System and Cyber Security Framework.

What You Can Expect

Each day will have variety in the fast-paced world of cyber security risk and compliance. Your expertise in Information Technology, Risk and Compliance combined with the ability to lead a team is key to your success. You will work closely with lines of business, Information Technology (IT) and other necessary stakeholders to meet our risk and compliance program objectives. You will be the primary interface with the Vendor Management Office (VMO) to assess and determine information security risks related to the supply chain, including third-party providers.

Your executive presence and storytelling ability will enable you to articulate technical issues to a diverse audience, including the executive leadership team, line of business leaders, regulators and internal/external auditors.

Team Culture

You will work in a fast-paced, challenging, and exciting environment. You will partner with departments across the organization and lead your team members, sharing best practices and collaborating on risk prevention.

How You'll Spend Your Time
  • You will ensure BOK Financial remains in compliance with applicable standards and regulations, including evolving data security privacy principles.
  • You will develop, execute, and manage the processes for risk and control assessment of BOKF's enterprise-wide SRM program to ensure alignment with policies and standards.
  • You will collaborate with broader IT and IS teams to remediate any identified process gaps.
  • You will oversee the maintenance of metrics and KRIs used to demonstrate relative risk.
  • You will contribute to the Information Security roadmap to ensure that all SRM activities are aligned with the CISO's strategy and supporting programs.
  • You will oversee the development and execution of third party service provider information security risk assessment processes.
  • You will manage the relationships with the internal customers and lines of business.
  • You will formulate action plans for achieving objectives and set realistic and challenging objectives and standards of performance for team members.
  • You will align team members to shared goals and create opportunities for teamwork.
  • You will develop your team by communicating job expectations, coaching, mentoring, and providing professional growth opportunities.
  • You will research evolving cyber security technologies to build upon knowledge base, identify trends and use acquired knowledge to determine and recommend changes.
We'd Like to Talk to You

BUILDING A HIGH PERFORMING TEAM: You're able to listen, collaborate, respond, coach, and provide constructive feedback; keeping your team engaged is necessary for high achievement.

FORWARD-THINKING: You anticipate the implications and consequences of situations and take appropriate actions, and prepare for possible contingencies.

COLLABORATION: You enjoy working in teams and across departments, with a proficiency for follow-up and follow-through.

PROBLEM SOLVER: Because every day is different, you must be a problem solver and self-starter. There are so many pieces of the puzzle to keep track of. The complexity of problems to solve will increase as your experience does.

COMMUNICATION: You will need exceptional verbal and written communication to express yourself clearly and concisely to internal and external clients.

RESULTS ORIENTED: You show initiative as you focus on the desired deliverables, while meeting and exceeding your goals.

TECHNICAL EXPERTISE: Your curiosity will drive you to think deeply, rationally, and creatively. Your tech-savviness will help you learn and navigate multiple systems.

Education & Experience Requirements

The required level of knowledge is normally acquired through a Bachelor's Degree in Computer Science, Management of Information Systems or related field. Preferred certifications: CISSP, CISM, CRISC, GMON (SANS), and GCIH (SANS) or related certification.

  • Minimum 2 years of experience leading and managing a team
  • 8 - 10 years of experience within Information Security, Risk and Compliance or Information Technology and a minimum of 2 years managing complex initiatives in areas of risk management and/or regulatory compliance
  • Comprehensive experience with creating and documenting risk methodologies, maintaining risk registers, and initiating and executing risk assessments
  • Strong knowledge of latest information security standards and regulations to ensure compliance both with internal security policies and external compliance requirements
  • Thorough understanding of Information Security frameworks and best practices (e.g., PCI, SOX, ISO, NIST)
  • Thorough understanding of project management methodologies and application
  • Working knowledge of banking systems and business practices
  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and Federal Financial Institutions Examination Council (FFIEC).
  • Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation
Working Conditions & Physical Requirements
Office - 20 lbs

BOK Financial is a stable and financially strong organization that provides excellent training and development to support building the long term careers of our employees. With passion, skill and partnership you can make an impact on the success of the bank, our customers and your own career!

Apply today and take the first step towards your next career opportunity!

BOK Financial is an equal opportunity employer. We are committed to providing equal employment opportunities for training, compensation, transfer, promotion and other aspects of employment for all qualified applicants and employees without regard to sex, race, color, religion, national origin, age, disability, sexual orientation, genetic information or veteran status.

Please contact with any questions.