Senior Cybersecurity Governance, Risk and Compliance (GRC) Manager
Description

• Own and evolve BECU’s enterprise-wide Cybersecurity Governance, Risk & Compliance (GRC) program, ensuring every cyber risk is visible, quantified, and woven into BECU’s broader enterprise risk strategy.
• Architect and fully operationalize BECU’s PCI-DSS compliance program across all payment channels (card-present, e-commerce, mobile, and emerging fintech partnerships), translating the standard’s 12 requirements into repeatable controls, evidence libraries, and automated dashboards.
• Translate complex federal and state regulations (FFIEC, GLBA, SOX, PCI DSS, NIST CSF) into plain-language policies, standards, and control procedures that business, IT, and third-party teams can execute without friction.
• Serve as the authoritative voice on cyber risk for senior leadership, board committees, and regulators; deliver crisp risk briefings, heat-maps, and trend analyses that influence strategic decisions and capital allocation.
• Build and maintain the enterprise Cyber Risk Register, cataloging threats, vulnerabilities, control gaps, and residual risk scores, then drive remediation road-maps that balance security rigor with member experience and operational agility.
• Design KPIs and KRIs that measure control effectiveness, incident trends, and compliance posture; automate collection via GRC platforms and present actionable insights to executives and auditors on a weekly cadence.
• Provide “credible challenge” to control owners across business lines, IT, and third-party vendors; conduct deep-dive assessments, tabletop exercises, and root-cause analyses that turn audit findings into measurable improvements.
• Partner with Legal, Compliance, and Internal Audit to manage regulatory examinations, external audits, and third-party attestations, ensuring zero surprises and sustained compliance with evolving mandates.
• Lead cross-functional working groups to embed security-by-design into product development, vendor onboarding, cloud migrations, and digital transformation initiatives.
• Oversee exception management workflows (documenting risk acceptance, mitigation timelines, and residual exposure) while maintaining an auditable trail for examiners and senior management.
• Drive enterprise security awareness and culture change by collaborating with HR and Corporate Communications to create engaging training content, phishing simulations, and metrics that prove behavioral improvement.
• Continuously refine policies, standards, and guidelines to reflect emerging threats, new technologies (e.g., open banking APIs, real-time payments), and BECU’s strategic roadmap.
• Mentor junior GRC analysts and cultivate a center of excellence that elevates cybersecurity maturity across the credit union ecosystem.
• Champion automation, leveraging GRC tools, SOAR, and data analytics, to reduce manual effort, accelerate evidence collection, and scale oversight as BECU grows beyond 1.5 million members and $30 billion in assets.
• Influence vendor risk management by defining security requirements in RFPs, conducting due-diligence assessments, and monitoring ongoing compliance through continuous control monitoring dashboards.
• Ensure seamless integration between cybersecurity risk and enterprise risk functions, enabling a unified view that supports capital planning, insurance decisions, and board reporting.

Requirements

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience) plus 7+ years of progressive cybersecurity, compliance, or IT audit experience, including hands-on ownership of PCI DSS compliance and Cardholder Data Environment (CDE) controls.
• Deep, practical expertise with GRC frameworks (FFIEC, GLBA, PCI DSS, SOX, NIST CSF) and proven ability to operationalize them in a complex, highly regulated enterprise.
• One or more advanced certifications: CISSP, CCSP, CISM, GIAC, CISA, CRISC, PCIP, ISA, or QSA (or equivalent) strongly preferred.
• Demonstrated success influencing senior stakeholders, translating technical risk into business impact, and driving cross-functional remediation without formal authority.
• Hands-on proficiency with GRC platforms, risk quantification methodologies, and automation of evidence collection, reporting, and exception workflows.

Benefits

• Pay range of $152,300–$186,100 annually (full range $118,200–$220,200) plus performance-based incentives tied to risk-reduction and compliance outcomes.
• Comprehensive medical, dental, vision, life, disability, and AD&D insurance for employees and eligible family members, plus HSA, FSA, and dependent-care flexible spending options.
• 401(k) with employer match and an additional employer-funded retirement plan to accelerate long-term financial security.
• 160 hours of PTO accrued per year (6.16 hours per pay period) plus ten paid holidays and a culture that actively encourages unplugged time off.