Heritage Bank

Information/Cyber Security Risk Officer

Heritage Bank, Tacoma, Washington, US, 98417

Position Overview

Heritage Bank has an exciting opportunity to join our organization! We are seeking an Information / Cyber Security Risk Officer to join our Compliance team. The Information / Cyber Security Risk Officer is responsible for executing the tactical and operational elements of the bank's information and cyber risk management program. This position leads day-to-day risk oversight activities across cybersecurity, information security, third‑party / vendor risk, data governance, and business continuity planning (BCP).

Geographical location for this position is Tacoma, Washington at the Southern Operations Center. Depending on experience and qualifications, other locations within Heritage Bank’s footprint (WA, OR, ID) may be considered.

Base Salary Range: $112,991.00 – $141,236.00 – $169,491.00 annual.

Responsibilities

Leads day-to-day risk oversight activities across cybersecurity, information security, third‑party / vendor risk, data governance, and business continuity planning (BCP).

Assists with the identification, assessment, mitigation, and monitoring of cybersecurity and information security risks across the enterprise, and contributes to risk registers and incident trend analyses.

Oversees IT control assessments, gap analyses, and control testing, ensuring appropriate documentation and remediation planning.

Collaborates with procurement and vendor management partners to ensure all third‑party and outsourced service providers undergo risk assessments in alignment with third‑party risk guidance and requirements.

Partners with data governance and compliance programs to ensure security classification, handling, retention, and access controls over sensitive and regulated data are enforced and operating (e.g., customer PII, NPI, financial records).

Acts as the primary liaison with internal and external audit teams and regulatory examiners for all cybersecurity and third‑party risk‑related reviews.

Ensures effective coordination, clear communication, and timely resolution of audit findings, regulatory inquiries, and identified issues.

Supports ongoing vendor risk monitoring activities to include risk rating, annual reassessments, and reporting of vendor performance.

Supports the development, testing, and maintenance of business continuity and disaster recovery plans for critical systems and operations.

Coordinates and supports tabletop and full‑scale exercises, tracks remediation actions, and contributes to program maturity assessments.

Qualifications

Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field required.

5+ years of recent and progressive knowledge and experience in an information security and / or risk management role within a financial services or community bank environment required.

Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or equivalent preferred.

Strong knowledge of regulatory frameworks (e.g., FFIEC, GLBA, PCI‑DSS, SOX, HIPAA) and in‑depth understanding of NIST CSF, ISO 27001, COBIT, COSO and vendor risk management frameworks.

Strong understanding of information and cyber security concepts including encryption, access controls, network security, security operations, security architecture, threat modeling and design.

Thorough knowledge of statutory banking compliance regulations issued by the FDIC, FinCEN, and Federal Reserve Board, with strong knowledge of privacy laws such as GLBA and SOX.

Proficient and advanced experience with information security assessment and auditing procedures, vulnerability scanning and auditing tools, enterprise‑scale network and host‑based IDS architectures, firewall architectures, computer investigation and forensics methods, and secure messaging architectures.

Strong planning, organizational, time‑management, and follow‑up skills, with a strong sense of urgency and ability to execute quickly, timely and efficiently.

High level of professional integrity and ability to handle sensitive and confidential information.

Excellent verbal, written, and telephone communication skills, including effective questioning, negotiation and presentation skills to communicate security‑related concepts in a variety of settings.

Ability to read, write, speak, and understand English well.

Work Environment / Conditions

Climate‑controlled office environment. Work involves concentration under distracting work conditions, frequent employee and customer contacts and interruptions. Physical demands include constant use of computer screens, reading reports, sitting, operating computer keyboard, multi‑line telephone, photocopier, scanner and facsimile, occasional lifting up to 20 lbs. Intermittently standing, stooping, bending at the waist, walking, climbing, kneeling or crouching to file materials.

Benefits

10 paid vacation days annually, eight hours of paid sick leave per month, 11 paid holidays each calendar year, and an annual float day.

Base salary as advertised, plus potential monthly, quarterly or annual incentives and/or bonuses.

Exceptional benefits package including medical, dental, vision, life insurance, 401(k) plan, and community volunteer time.

Generous time‑off policy.

Full‑time team members receive a minimum of 10 paid vacation days annually.

Equal‑Opportunity Employer

Heritage Bank is an Equal Opportunity Employer.

Salary Range Disclaimer

The base salary range represents Heritage Bank’s current salary range for the position. Actual salaries will vary depending on factors including, but not limited to, qualifications, experience, and job performance. The range listed is just one component of Heritage Bank’s total compensation package for full time and part time employees.