The Director Information Risk Management (IRM) is the business leader overseeing the development and implementation of risk management, compliance and governance principles, policies, and practices as applied to information and information systems. The Director Information Risk Management is responsible for leadership of all information risk management activities, as well as assisting the Chief Information Security Officer with the monitoring of the organization's services, systems, policies, and procedures to assure efficient and effective security practices.
The scope of this role includes oversight of information risk management, compliance and information security governance activities related to the entire enterprise. The Director Information Risk Management will also provide risk management leadership in support of the emerging areas of Enterprise Risk Management and Internal Audit.
- Lead the development and implementation of an information risk management program (process and tools) with a scope that ranges from risk identification through remediation as applied to information and information system risks.
- Partner with Procurement to manage the information security risks associated with third-party relationships.
- Team with security architects on the development and implementation of policies, standards, guidelines and reusable security patterns related to information security, incident management and business continuity for applications, infrastructure and data.
- Manage risk extension and risk acceptance processes with respect to policy exceptions.
- Participate in an ongoing process for maintaining knowledge and visibility of relevant external information that can impact the company's security and risk requirements or posture.
- Represent the organization’s risk management interests with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of information and best practices in the area of information risk management.
- Monitor trends in information technology, security and risk management that could have an impact on the security of the organization’s products, processes, infrastructure, and/or customers.
- Acquire, develop and deliver risk management-related training material as needed.
- Manage all externally driven compliance obligations (e.g., PCI DSS, SOX, GLBA, FFIEC).
- Manage all internally driven compliance obligations (adopted and internally defined standards, e.g., ISO 27001, ISO 27002, SSAE16).
- Drive internal communications to ensure program coordination with other internal groups and facilitate security awareness and training content development and delivery.
- Develop and implement a metrics and reporting program to monitor and improve the efficiency and effectiveness of the security program, and its contribution to meeting business goals.
- Facilitate the engagement with executive management and the board to ensure security program objectives are achieved and information security risks are being properly managed.
- 8 years of IT-related experience with at least 4 years in information security required.
- At least 2 years of information security management experience including work with C-level executives and board members required.
- Experience in the financial services industry required.
- Experience with information risk management models and frameworks required.
- BS in computer science or engineering, or equivalent, required; MS in computer science, engineering or equivalent desired.
- Security certification (CISSP and/or CISM) desired.
- Excellent communication skills (verbal and written) required.
- Knowledge and understanding of security-related standards required.
- A high level of integrity and trust required.
Known as an "innovations" leader in the Payment Processing Industry, in 2012 Mercury was awarded the top (GOLD) award in the Payment Processing category and Best Overall Retail Technology Vendor at RSPA for the 3rd consecutive year. We were honored with a “Best Company To Work For In Colorado” and a ColoradoBiz Magazine “Top Company” award in 2008. In 2012 Mercury also won Technology Company of the Year at the Colorado Technology Association's Apex Awards. Headquartered in Durango, Colorado, with a second office in Denver, we offer challenging career opportunities in a fast-paced, strategic work environment. EOE
About Durango, Colorado
Durango is situated at the southwestern foot of the Rocky Mountains at an elevation of 6,500 feet. The population is about 17,000 (50,000+ countywide). Surrounded by some two-million acres of San Juan National Forest land, the area is a natural playground for all who appreciate spectacular views and outdoor experiences. Though Durango is a geographically, culturally, and economically diverse area, the thread that ties its citizenry together is quality of life.
Durango was recently ranked the #1 “micropolitan” area in the United States by an independent economic research firm, Policom. Durango was ranked first out of 576 micropolitan (fewer than 50,000 people) areas studied. The study ranked over 23 different economic factors, including wages and earnings. Large corporations and small main street shops thrive in Durango. Mercury is among Durango’s largest employers.
Small enough to feel personal and uncongested, Durango is large enough to offer a diverse selection of recreational, entertainment, cultural, and educational opportunities. Locals and tourists alike enjoy Durango for its high mountain vistas, powder skiing, cycling, kayaking, rafting, fishing, and lingering hints of western lore. Our playground is the entire four corners area, from hot desert to mountain summits.
No wonder Durango residents are some of the most fulfilled in Colorado and the US.
Mercury is one of North America’s most innovative and fastest growing payments processing / merchant acquiring companies. As the...