Patelco Credit Union
Information Security Risk and Compliance Testing Manager
Patelco Credit Union, Dublin, CA
About Patelco Credit Union

Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.

We are here for our members throughout all their stages of life. Meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.

We believe that work should be rewarding, challenging, and enjoyable. We’re dedicated to creating a positive and supportive culture where our team members can thrive. If you’re looking to use your skills and knowledge to make a difference in our members’ lives, Patelco could be the perfect fit for you.

Overview

The InfoSec Testing Program Manager plays a critical role in Patelco’s second line of defense for Technology by overseeing and validating the effectiveness of Patelco security controls and risk management. The Manager ensures that Patelco’s security practices and policies are reliable, effective, and compliant with internal policies, and risk management frameworks. The Manager tracks and reports on risk levels and trends and provides critical insights and guidance to improve Patelco’s cybersecurity posture.

Responsibilities

- Designs, implements and maintains a comprehensive testing program for information security controls, processes, and risk management practices.
- Ensures testing methodologies align with industry standards (e.g. NIST, ISO, CIS).
- Creates a testing schedule and plan to cover high-risk areas, critical assets, and regulatory requirements.
- Regularly updates the testing program to adapt to emerging threats, technology changes, and regulatory shifts.
- Performs independent, second-line testing on the adequacy and effectiveness of the first line of defense (e.g. IT and InfoSec teams).
- Tests the design and operational effectiveness of security controls, such as access management, data protection, vulnerability management, incident response, and compliance with privacy regulations.
- Uses a risk-based approach to prioritize testing efforts on critical systems, processes, and assets.
- Evaluates risks identified during testing activities and assesses potential impact on Patelco’s security posture.
- Establishes and monitors key performance indicators (KPIs) and metrics to measure the effectiveness of the InfoSec testing program.
- Produces clear and comprehensive reports detailing control weaknesses, non-compliance issues and risk levels, emerging trends or gaps in the control environment.
- Provides recommendations for remediation and risk mitigation to relevant stakeholders.
- Works closely with first line of defense teams to understand their control environments, processes, and mitigation efforts.
- Tracks remediation activities to ensure that issues identified during testing are effectively addressed in a timely manner and verifies the completion and effectiveness of remediation actions taken.
- Stays up to date with changes in regulations and industry standards to adjust the testing program accordingly and ensures testing programs and results meet regulatory requirements.
- Supports the development and execution of Patelco’s InfoSec strategy by providing insights from testing results and trends.
- Maintains thorough documentation of testing procedures, methodologies, and results for internal and regulatory review.

Qualifications

- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems or a related field
- 10+ years of experience in Information Security, Cybersecurity or IT risk management
- 10+ years of experience working with information security frameworks (e.g. NIST, ISO, CIS controls) and risk management frameworks
- 7+ years of experience with control testing methodologies and conducting security audits or assessments
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or CISA (Certified Information Systems Auditor) required
- 7+ years of experience in second line of defense related to information security controls, testing, risk assessments or compliance

Target Base Pay

$147,978-$184,973

Compensation at Patelco

Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer.

We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.

We Offer

Physical Health:
- Exceptional Medical, Dental, Vision, and Life Insurance benefits
- Onsite fitness center at HQ and rewards for completing wellness related activities

Financial Health:
- Competitive compensation packages with bonus opportunity
- 401(k) with 3% Safe Harbor and 5% employer match
- Discounts on loan products
- Tuition reimbursement

Emotional Health:
- Employee Assistance Program (EAP)
- PTO for part-time and full-time positions
- Paid holidays

Personal Development:
- On-the-job training and skills development
- Internal transfer opportunities for career growth
- Volunteer work
- Flexible work arrangements available for specific positions

Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans

Job type: FULL TIME
Categories: Technology