IT GRC Program Manager

  • Full-time

Company Description

STCU is a growing regional organization rated one of the top-performing credit unions in the nation, and named as one of Fortune Magazine’s Great Places to Work. We look for employees who have a strong desire to serve others, are lifelong learners committed to working hard, with a fun-loving attitude and a desire to make a difference in our members’ lives. We love people who share our passion for integrity, service, innovation, education, people, and celebration.

STCU offers excellent benefits: 

  • Paid time off—plus 11 paid holidays!
  • Medical, dental, vision and life insurance 
  • Flexible schedules and remote-work opportunities
  • Training and career development
  • Success sharing plan
  • 401(k) matching contributions
  • Tuition reimbursement

Job Description

The IT Governance Risk and Compliance Program Manager is responsible for the STCU Cybersecurity and IT governance, risk, and compliance program management including the establishment and maintenance of an IT operating model and facilitating the development of technology policies and standards.

*This position offers a hybrid schedule, splitting time between working remotely and working in the office in Liberty Lake, WA.

Core Job Requirements/Outcomes 

  • Establish clear directives for acceptable IT operations by proposing, communicating, and maintaining governance policies and guidelines that detail how information must be effectively safeguarded through its entire lifecycle.
  • Facilitate risk-based business decision making by performing formal risk analysis and self-assessments for technology processes, leveraging industry standard frameworks such as NIST, CIS, ITIL, COBIT and PCI DSS.
  • Ensure STCU’s information systems comply with policy, procedures, and regulations by analyzing internal technology and security controls to validate compliance with documented and approved standards. 
  • Enable improved STCU performance by leading organizational IT GRC program management initiatives that increase efficiencies and allow for improved risk-based decision making.

Core Leadership Principles 

  • Lead by example by aligning actions with shared values.
  • Embrace and communicate organizational direction by enlisting others in a common vision in support of organization values, goals and decisions.
  • Effectively lead organizational change by demonstrating and fostering a growth mindset: inspire your team to do things differently, seize opportunities, work through challenges, and persevere toward a better future.
  • Lead performance by providing direction and delegation to create a climate where people are motivated to do their best.
  • Encourage the heart by exhibiting empathy, actively listening and celebrating to cultivate team engagement.

Other Essential Functions

  • Communicate the status of the IT GRC Program performance to senior leaders and board of directors through metrics, dashboards, and periodic and annual reports.
  • Deliver metrics and reporting that increase program maturity, illustrate efficiency and effectiveness, and facilitate appropriate resource allocation across the programs.
  • Implement and manage effective technology and processes by maintaining current knowledge of industry standards, new trends and peer deployment to deliver secure products and services and ensure market value and user delight.

Qualifications

Education: Bachelor’s Degree in Computer Science, Information Systems or Business Management is required.

Certifications: At least one of the following certifications is required: CISA, CRISC, CISSP, CISM, or SANS GIAC (GSNA, etc.).

Job Experience: At least four years’ experience in information security, IT audit, or information technology operations, or a combination of these.

Advanced knowledge of risk management processes, including internal audit and information security management. Experience evaluating controls relative to information security frameworks such as ISO 27002 and the NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and InTREx.

Other Skills: Demonstrated understanding of information security concepts including encryption, access controls, network security, security operations, security architecture, threat modeling and design. Demonstrated proficiency in applicable regulatory requirements including PCI DSS, GLBA, records retention and data classification.

Physical Demands: Must be able to regularly talk, hear and operate a computer, keyboard and mouse and occasionally lift, pull/push and carry up to 30 pounds with accommodations.

Work Conditions: Exposure to constant or intermittent sounds at a low or moderate level consistent with an office setting. Exposure to high-stress, fast-paced, deadline-oriented environment.

Travel Demands: Travel for annual training and site visits less than 10% of the time.

Additional Information

Please review our website for more information at www.stcu.org/careers.