Director of GRC

New York City, US

Amalgamated Bank

Welcome to America’s socially responsible bank: supporting forward-thinking organizations, companies and people and working to make the world more just, compassionate and sustainable.


Amalgamated Bank is seeking a Director of GRC to plan, design, and implement a holistic information security program with a focus on emerging threats, regulatory requirements, and industry best practices. The manager will be responsible for building the security culture of the bank, will report to the Chief Information Security Officer (CISO), and will assist in implementing the information security program across all areas of information security: Governance, Risk, and Compliance.

By joining our team, you’ll be joining a Bank that believes that maintaining a diverse and inclusive workplace where everyone feels valued and respected is essential for us to grow as a company. We are dedicated to building a more equitable world in our everyday practices by embracing the values of our employees and customers.


Essential Job Functions:

  1. Assist the CISO in designing and managing the information security program.
  2. Define and implement clear Second Line of Defense (2LoD) roles and functions.
  3. Act as liaison between Auditors, Regulators, Information Security, and Management by coordinating requests for information and by coordinating responses to any observations.
  4. Build and design the information security awareness and training program for organization personnel and mentor information security personnel.
  5. Manage information security personnel.
  6. Plan and draft the department budget and track costs associated with the program.
  7. Track bank-defined KPIs and KRIs.
  8. Prepare and coordinate regulatory activities including, but not limited to, NYSDFS Part 500 and the Sarbanes-Oxley Act (SOX).
  9. Provide Information Security consultation to relevant departments and communicate information security goals and new programs effectively with other department managers within the organization.
  10. Develop, implement and monitor a strategic, comprehensive enterprise information security risk management program, including Risk and Control Self-Assessment (RCSA).
  11. Promote secure design of systems and infrastructure in line with industry standards and best practices, including application of secure coding practices across the engineering organization, conducting security reviews of new features, and leveraging industry tooling to automate and improve the security review.
  12. Develop, document, track, and implement information security policies, controls, and procedures.
  13. Work with vendors to perform security audits, ensuring they meet industry standards.


Knowledge, Skills and Experience Requirements:

  1. Bachelor’s degree or equivalent experience
  2. Minimum seven (7) to ten (10) years in Audit and Compliance Management roles; knowledge of security frameworks (ISO 27001, NIST, etc.)
  3. Knowledge of banking laws and regulations
  4. Experience with policy design, authoring and implementation
  5. Excellent verbal/written communication and interpersonal skills
  6. Strong analytical ability; confident and experienced in working with senior leadership as well as support and engineering management and staff
  7. Certifications such as CISSP, CGEIT, CISA, CRISC, CISM desirable


Our job titles may span more than one career level. The starting base salary for this role is between $142,000.00 and $165,000.00. The actual base pay is dependent upon many factors, such as training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans. AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View our Pay Transparency Statement. Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.

As part of our commitment to health and safety, all team members currently working in our office space are required to show proof of vaccination. To be considered for any position at Amalgamated Bank where permitted by applicable law (including any applicable reasonable accommodation, medical or religious exemption), candidates must have received the COVID-19 vaccine prior to their start date. Upon commencement of employment, new team members must provide proof that they have been fully vaccinated against COVID-19.


Tags: Audits Banking CISA CISM CISO CISSP Compliance CRISC Governance ISO 27001 KPIs NIST Risk management SOX

Perks/benefits: Career development Team events

Region: North America
Country: United States
