Triumph Financial

Manager, Security Risk & Compliance

Triumph Financial, Dallas, Texas, United States, 75215


Job Description

Position Summary

The Manager, Security Risk and Compliance will build out and maintain ownership of the enterprise SOC compliance process, ensuring that all security measures are in place and that all SOC audits are completed successfully. The successful candidate must be detail-oriented, able to juggle multiple priorities, and communicate effectively, with an understanding of industry standards and best practices. The position requires an understanding of both legacy systems and innovative technologies. The Manager, Security Risk and Compliance reports to the VP, IT Risk & Compliance and will engage in many facets of the information security and GRC programs, providing guidance and serving as an experienced SOC compliance resource to control owners and business partners. The Manager will collaborate with various teams to identify risks and deficiencies, create controls, and report on SOC compliance progress. As the primary point of contact for SOC auditors, the Manager monitors progress and drives resolution of outstanding issues that could lead to non-compliance or security threats to the business.

As a key member of the security team, the Manager must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

Essential Duties and Responsibilities

- Create, implement, support, and maintain an effective and mature SOC compliance program within the GRC team at Triumph Financial.
- Establish and maintain SOC compliance processes that ensure customer data is secure and all applicable regulations are met.
- Learn existing products and the supporting technology within the SOC scope, as well as new products and the supporting technology on the roadmap ahead.
- Establish the control framework, evidence, and testing requirements for the enterprise to use for SOC compliance, and maintain the framework to keep pace with technological change.
- Serve as the central point of contact with Triumph Financial business partners and clients regarding questions, issues, and requests for SOC reports, and provide guidance and support to the team on value-add solutions.
- Establish key relationships and partner with Divisional Presidents, as well as the Enterprise CIO, CTOs, and CISO, to support the SOC program.
- Coordinate external (SOC 1 and SOC 2) audits.
- Provide documentation and evidence in response to SOC audits, collaborating with the functional areas to gather evidence.
- Monitor industry standards and best practices to ensure SOC compliance.
- Develop and maintain relationships with internal and external stakeholders.
- Explain SOC controls with clarity to business and technical subject matter experts.
- Identify the requirements needed for successful SOC compliance and certification.
- Implement a standardized process for proactive and timely control self-assessment testing, and for communicating deficiencies in all SOC-related controls to control owners and management.
- Lead the design, development, and remediation of SOC controls.
- Perform certain vendor due diligence tasks, such as reviewing vendor SOC reports and any associated Complementary User Entity Control (CUEC) mapping activities.
- Prepare SOC compliance metrics and communicate them effectively through executive-level presentations and reporting.
- Contribute to team objectives.
- Other duties as assigned.

Experience and Education

- Bachelor's degree in Business, Management, Accounting, Finance, Information Security, Information Systems, Computer Science, or equivalent work experience.
- 6+ years of prior relevant IT risk, IT security, and/or IT audit experience.
- 4+ years of experience leading and managing technology audits.
- CIA, CISA, CISM, CRISC, or CISSP certification preferred.
- Familiarity with CIS 2.0 security and NIST 800-53 framework controls.
- Experience building a SOC compliance program or leading SOC 1 Type 2 and SOC 2 Type 2 assessments and certifications.

Skills and Abilities Required

- Strong people skills, with the ability to work both independently and in a collaborative team environment; establishing, developing, and maintaining relationships with key business partners is critical for this role.
- Strong understanding of agile methodology.
- Ability to provide concise, timely, and effective written and verbal communication to management and key stakeholders.
- Knowledge of technology solutions, with the ability to communicate solutions and translate technical discussions for non-technical business owners.
- Critical thinking and analytical skills.
- Diligence, patience, and flexibility.
- Commitment to operational excellence and continuous process improvement.
- Strategic project management and oversight of milestones and deliverables.
- Strong knowledge of IT general controls, including:
  - SOC reports (SOC 1/SOC 2), Type I and Type II
  - Bank federal and state compliance regulations
- Strong knowledge of cybersecurity and its relation to IT deployments and implementations.
- Knowledge of risk, compliance, and cyber frameworks such as NIST 800-53, CIS, COSO, SANS, ISO, COBIT, and ITIL.
- Identity and Access Management and Privileged Access Management (IAM and PAM); role-based and attribute-based access controls (RBAC and ABAC).
- Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.

Work Environment

The work environment characteristics described here may be encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

- Moderate noise (i.e., business office with computers, phones, and printers; light traffic).
- Ability to work in a confined area.
- Ability to sit at a computer terminal for an extended period of time. Occasional stooping or kneeling may be necessary.
- While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear, and use hands and fingers to operate a computer keyboard and telephone.
- Specific vision abilities are required by this job due to computer work.
- Light to moderate lifting is required.
- Regular, predictable attendance is required.
