Senior Cybersecurity Governance, Risk and Compliance (GRC) Manager

Description • Own and evolve BECU’s enterprise-wide Cybersecurity Governance, Risk & Compliance (GRC) program, ensuring every cyber risk is visible, quantified, and woven into BECU’s broader enterprise risk strategy. • Architect and fully operationalize BECU’s PCI-DSS compliance program across all payment channels—card-present, e-commerce, mobile, and emerging fintech partnerships—translating the standard’s 12 requirements into repeatable controls, evidence libraries, and automated dashboards. • Translate complex federal and state regulations (FFIEC, GLBA, SOX, PCI DSS, NIST CSF) into plain-language policies, standards, and control procedures that business, IT, and third-party teams can execute without friction. • Serve as the authoritative voice on cyber risk for senior leadership, board committees, and regulators; deliver crisp risk briefings, heat-maps, and trend analyses that influence strategic decisions and capital allocation. • Build and maintain the enterprise Cyber Risk Register—cataloging threats, vulnerabilities, control gaps, and residual risk scores—then drive remediation road-maps that balance security rigor with member experience and operational agility. • Design KPIs and KRIs that measure control effectiveness, incident trends, and compliance posture; automate collection via GRC platforms and present actionable insights to executives and auditors on a weekly cadence. • Provide “credible challenge” to control owners across business lines, IT, and third-party vendors; conduct deep-dive assessments, tabletop exercises, and root-cause analyses that turn audit findings into measurable improvements. • Partner with Legal, Compliance, and Internal Audit to manage regulatory examinations, external audits, and third-party attestations—ensuring zero surprises and sustained compliance with evolving mandates. • Lead cross-functional working groups to embed security-by-design into product development, vendor onboarding, cloud migrations, and digital transformation initiatives. • Oversee exception management workflows—documenting risk acceptance, mitigation timelines, and residual exposure—while maintaining an auditable trail for examiners and senior management. • Drive enterprise security awareness and culture change by collaborating with HR and Corporate Communications to create engaging training content, phishing simulations, and metrics that prove behavioral improvement. • Continuously refine policies, standards, and guidelines to reflect emerging threats, new technologies (e.g., open banking APIs, real-time payments), and BECU’s strategic roadmap. • Mentor junior GRC analysts and cultivate a center of excellence that elevates cybersecurity maturity across the credit union ecosystem. • Champion automation—leveraging GRC tools, SOAR, and data analytics—to reduce manual effort, accelerate evidence collection, and scale oversight as BECU grows beyond 1.5 million members and $30 billion in assets. • Influence vendor risk management by defining security requirements in RFPs, conducting due-diligence assessments, and monitoring ongoing compliance through continuous control monitoring dashboards. • Ensure seamless integration between cybersecurity risk and enterprise risk functions, enabling a unified view that supports capital planning, insurance decisions, and board reporting. Requirements • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience) plus 7+ years of progressive cybersecurity, compliance, or IT audit experience, including hands-on ownership of PCI DSS compliance and Cardholder Data Environment (CDE) controls. • Deep, practical expertise with GRC frameworks—FFIEC, GLBA, PCI DSS, SOX, NIST CSF—and proven ability to operationalize them in a complex, highly regulated enterprise. • One or more advanced certifications: CISSP, CCSP, CISM, GIAC, CISA, CRISC, PCIP, ISA, or QSA (or equivalent) strongly preferred. • Demonstrated success influencing senior stakeholders, translating technical risk into business impact, and driving cross-functional remediation without formal authority. • Hands-on proficiency with GRC platforms, risk quantification methodologies, and automation of evidence collection, reporting, and exception workflows. ️ Benefits • Target pay range of $152,300–$186,100 annually (full range $118,200–$220,200) plus performance-based incentives tied to risk-reduction and compliance outcomes. • Comprehensive medical, dental, vision, life, disability, and AD&D insurance for employees and eligible family members, plus HSA, FSA, and dependent-care flexible spending options. • 401(k) with employer match and an additional employer-funded retirement plan to accelerate long-term financial security. • 160 hours of PTO accrued per year (6.16 hours per pay period) plus ten paid holidays and a culture that actively encourages unplugged time off. Apply tot his job