Boeing Employees Credit Union
Senior Cybersecurity Governance, Risk and Compliance (GRC) Manager
Boeing Employees Credit Union, Olympia, Washington, United States
Overview
Is it surprising to hear that a financial institution of 1.5 million members and over $30 billion in managed assets says that success comes from focusing on people, not profits? Our "people helping people" philosophy has guided us since 1935, driving our deep commitment to serving our members, communities, and each other. When you join our team, you become part of a purpose-driven organization where your work makes a real difference.
While we’re proud of our history, we’re excited about our future. With business and technology transformation on the horizon, there’s never been a better time to be part of BECU.
PAY RANGE
The target pay range for this position is $152,300.00-$186,100.00 annually. The full pay range is $118,200.00 - $220,200.00 annually. At BECU, compensation decisions are determined using factors such as relevant job-related skills, experience, and education or training. Should an offer for employment be made, we will consider individual qualifications. In addition to salary, compensation incentives are available for the hired applicant. Incentives are performance-based and targets vary by role.
BENEFITS
Employees and their eligible family members have access to a wide array of benefits, such as medical, dental, vision and life insurance. Employees have access to disability and AD&D insurance. We offer health care and dependent care flexible spending accounts, as well as health savings accounts, to eligible employees. Employees can enroll in our company’s 401k plan and employer-funded retirement plan. Newly hired employees accrue 6.16 hours of paid time off (PTO) per pay period (based on hours worked, up to a maximum of 160 PTO hours per year) and receive ten paid holidays throughout the calendar year. Additional details regarding BECU Benefits can be found here.
IMPACT YOU’LL MAKE
As the Senior Cybersecurity GRC Manager at BECU, you’ll be at the forefront of protecting our members and organization by shaping how we manage cyber risk across the enterprise. You’ll lead efforts to ensure cybersecurity risks are visible, well-understood, and actively integrated into broader enterprise risk strategies. Your work will directly influence how we govern, measure, and improve our cybersecurity posture, helping BECU stay resilient in a rapidly evolving digital landscape. This role will be heavily focused on building out and operationalizing our PCI-DSS compliance program across BECU payment channels.
This is your opportunity to make a meaningful impact by driving awareness, building strong governance frameworks, and empowering teams to manage risk confidently. You’ll be a trusted advisor, a strategic thinker, and a hands-on leader who helps BECU stay secure, compliant, and future-ready.
To join our dynamic team, we require candidates to be residents of WA, OR, ID, AZ, TX, GA, or SC. If you’re located in Washington state and within a reasonable driving distance from Tukwila, we are requesting that you come into our HQ on Tuesdays & Wednesdays. For those candidates who live outside the commute distance of TFC and in any of our approved remote work locations, this role will be remote. Remote or onsite, we are committed to ensuring you are fully engaged and included in our collaborative environment.
WHAT YOU’LL DO
Lead Cybersecurity GRC Strategy: Drive the development and continuous improvement of BECU’s Cybersecurity Governance, Risk, and Compliance program in partnership with leadership.
Interpret Regulatory Requirements: Collaborate with legal and compliance teams to translate cybersecurity-related laws and regulations into actionable policies and controls.
Provide Risk Oversight: Offer expert guidance and credible challenges to ensure cyber risks are identified, owned, and actively managed across the organization.
Design Risk Controls & Dashboards: Develop system and business controls, dashboards, and visibility tools to track risk ownership and status.
Support Cyber Risk Register: Contribute to the ongoing development and maintenance of the Cyber Risk Register, ensuring risks are documented and prioritized.
Monitor Compliance & Escalate Issues: Analyze security data and processes to identify potential compliance gaps, escalating issues when necessary.
Manage Enterprise Risk Operations: Oversee cybersecurity-related risk artifacts such as findings, exceptions, standards, and guidelines to support reporting and treatment activities.
Drive Security Awareness: Partner with HR and Communications to develop engaging security awareness content and track program effectiveness through metrics.
Develop Risk Metrics & Reporting: Create and maintain KPIs and risk metrics to communicate cybersecurity performance and risk posture.
Advise on Governance Processes: Support internal stakeholders in applying cybersecurity governance processes, including standards, guidelines, and committee expectations.
Adapt Policies to Evolving Threats: Continuously update cybersecurity policies and standards to reflect changes in technology, threats, and organizational needs.
Collaborate Across Teams: Work closely with business units, IT, and third-party vendors to embed cybersecurity governance in daily operations.
What you’ll gain
A chance to shape enterprise-wide cybersecurity governance and risk strategy with a heavy focus on PCI-DSS program development; opportunities to work with legal, compliance, and regulatory bodies on high-impact initiatives.
A culture that values innovation, integrity, and continuous learning.
The ability to influence how cybersecurity risk is measured, reported, and managed.
A supportive environment where your expertise is respected and your growth is encouraged.
Exposure to GRC frameworks like NIST CSF, FFIEC, GLBA, PCI/DSS, and SOX.
A role that blends strategic thinking with hands-on leadership and cross-functional collaboration.
QUALIFICATIONS
Minimum Qualifications
Typically requires a bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent work or education-related experience.
Typically requires 7 years of cybersecurity experience or related experience in IT, Compliance, or Audit, including hands-on management of PCI DSS compliance and CDE.
One or more of the following certifications, or equivalent: CISSP, CCSP, CISM, GIAC, CISA, CRISC, or PCI-related certifications (PCIP, ISA, or QSA).
Expertise leveraging established GRC frameworks (FFIEC, GLBA, PCI/DSS, SOX, NIST CSF) to increase cybersecurity maturity in an enterprise environment.
Demonstrated ability to collaborate and influence stakeholders and partner with organizational leadership, vendors, and third parties.
Working knowledge of governance, risk, and compliance (GRC) tools and automation of risk evaluation, integration with enterprise risk functions, and reporting.
Desired qualifications
Advanced degree preferred.
Knowledge of information and security systems to identify risk exposure, including third-party cyber risk.
Experience working independently and as part of a team, with discretion in decision making and problem solving.
Experience setting goals and objectives pertaining to training needs; ability to present programs and provide training materials.
Working knowledge of firewalls, vulnerability management, penetration testing, server and desktop configuration and controls, and encryption.
JOIN THE JOURNEY
Ready to make an indelible impact? Eager to be part of a collaborative and innovative team where your ideas fuel growth and success at BECU? This is more than a job — it’s a chance to elevate your career, skills, and future, all while contributing to BECU’s robust technology landscape.
Embrace the opportunity to grow with us. Apply now, bring your expertise to the table, and let’s achieve excellence together at BECU. Your journey of influence, innovation, and impactful contribution starts now.
#BECU #YourGrowth #BECUJourney
EEO Statement: BECU is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status.