Manager, Security Risk & Compliance

Triumph Financial
Dallas, TX, US
Full-time

Responsibilities

Create, implement, support, and maintain an effective and mature SOC compliance program within the GRC team at Triumph Financial.

Establish and maintain SOC compliance processes that ensure customer data is secure and all applicable regulations are met.

Learn existing products and the supporting technology within the SOC scope, as well as new products and the supporting technology on the roadmap ahead.

Establishes the control framework, evidence, and testing requirements for the enterprise to use for SOC compliance and maintains the framework to keep up to date with technological changes.

Serves as the central point of contact with Triumph Financial business partners and clients regarding questions, issues and requests for SOC reports and provides guidance and support to the team on value-add solutions.

Establish key relationships and partner with Divisional Presidents, as well as Enterprise CIO, CTOs and CISO to support the SOC program.

Coordinates External (SOC1 and SOC2) audits.

Provides documentation and evidence to respond to SOC audits and collaborates with the functional areas to gather evidence.

Monitor industry standards and best practices to ensure SOC compliance.

Develop and maintain relationships with internal and external stakeholders.

Explains SOC controls with clarity to business and technical subject matter experts.

Identifies requirements needed for successful SOC compliance and certification.

Implements a standardized process for initiative-taking and timely control self-assessment testing and deficiency communication of all SOC-related controls to control owners and management.

Leads the design, development, and remediation of SOC controls.

Perform certain vendor due diligence tasks, such as reviewing vendor SOC reports and any associated Complementary User Entity Control (CUEC) mapping activities.

Prepares SOC compliance metrics and effectively communicates this through Executive level presentation and reporting.

Contributes to team objectives.

Other duties as assigned.

Experience and Education

Bachelor’s degree in Business, Management, Accounting, Finance, Information Security, Information Systems, Computer Science, or equivalent work experience

6+ years of prior relevant IT risk, IT security and/or IT audit experience

4+ years of experience leading and managing technology audits.

CIA, CISA, CISM, CRISC, or CISSP certifications are preferred.

CIS 2.0 security and NIST 800-53 framework controls

Experience in building a SOC compliance program or leading SOC1 Type 2 and SOC2 Type 2 assessments, and certifications.

Skills and Abilities Required

Strong people skills with ability to work both independently as well as in a collaborative, team environment; establishing, developing, and maintaining relationships with key business partners is critical for this role.

Strong understanding of agile methodology.

Ability to provide concise, timely and effective communication, both written and verbal, to management and key stakeholders.

Knowledge of technology solutions and able to communicate solutions and translate technical discussions to non-technical business owners.

Critical thinking skills.

Diligence, patience, and flexibility.

Commitment to operational excellence and continuous process improvement.

Strategic project management and oversight of milestones and deliverables.

Strong knowledge of IT general controls:

  • SOC Reports (SOC1 / SOC2) Type I and II
  • Bank Federal and State Compliance regulations.

Strong knowledge of Cybersecurity and its relation to IT deployment and implementations

Knowledge of Risk, Compliance and Cyber Frameworks, such as NIST 800-53, CIS, COSO, SANS, ISO, COBIT, ITIL.

Identity Access Management and Privileged Access Management (IAM and PAM)

Role and attribute-based access controls (RBAC and ABAC)

Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.

Work Environment

The work environment characteristics described here may be encountered while performing the essential functions of this job.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Moderate noise (i.e. business office with computers, phone, and printers, light traffic).

Ability to work in a confined area.

Ability to sit at a computer terminal for an extended period of time. Occasional stooping or kneeling may be necessary.

While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer keyboard and telephone.

Specific vision abilities are required by this job due to computer work.

Light to moderate lifting is required.

Regular, predictable attendance is required.

We offer Medical, Dental, Vision, Paid Time Off, 401k and much more.

30+ days ago