We exist to help people achieve financial clarity. At Thrivent, we believe money is a tool, not a goal. Driven by a higher purpose at our core, we are committed to providing financial advice, investments, insurance, banking and generosity programs to help people make the most of all they’ve been given.
At our core, we are a membership-owned fraternal organization, as well as a holistic financial services organization, dedicated to serving the unique needs of our clients. We focus on their goals and priorities, guiding them toward financial choices that will help them live the life they want today—and tomorrow.
Job Summary
The Chief Information Security & Privacy Officer of Thrivent Bank in formation is an individual contributor role for a de novo bank. They serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security and privacy policies. A key element of this position is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security and privacy management program to ensure that customer information and information assets are adequately protected.
**The offices of Thrivent Bank will be located in the Salt Lake City Valley.
Job Responsibilities and Duties
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work directly with the business units to facilitate risk assessment and risk management processes including the information security, cybersecurity, and GLBA risk assessments annually.
- Develop and enhance an information security management framework.
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
- Provide leadership to the enterprise's information security organization.
- Partner with business stakeholders across the company to raise awareness of risk management concerns.
- Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems.
- Develop and maintain information security and privacy policies and procedures in accordance with industry standards and applicable laws and regulations.
- Work with cross-functional teams to ensure the privacy and security of all data collected, stored, or transmitted by the organization.
- Manage and investigate security incidents and privacy breaches to ensure compliance and identify areas for improvement.
- Coordinate breach response activities.
- Stay up to date with industry best practices and changes in laws and regulations related to information security, cybersecurity, disaster recovery and privacy.
- Oversee third-party service providers that provide information security-related services including network, email, and VPN applications and services such as vulnerability management, system patching, network scanning, and penetration testing.
- Conduct periodic phishing tests for Bank employees.
- Support the Bank's third-party risk management program by reviewing SOC I/II reports for critical/high risk suppliers.
- Oversee and coordinate with Information Technology Operations staff on the execution of 1st line of defense information security responsibilities including log monitoring and asset management.
- Experience with oversight of privacy-related regulations such as GLBA, CAN-SPAM, TCPA, and privacy breach notification requirements.
Job Qualifications
Required:
- Experience working in an ILC chartered institution preferred.
- Degree in business administration or a technology-related field required.
- Professional security management certification such as Certified Information Systems Security Auditor (CISSP), Certified Information Security Auditor (CISA), Certified Information Systems Manager (CISM) or Certified in Risk and Information Systems Control (CRISC), Certification in privacy management or compliance (CRCM) preferred.
- Minimum of eight to twelve years of experience in a combination of risk management, information security and IT jobs.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience in cybersecurity risk principles and frameworks.
- Specific experience in Agile (scaled) software development or other best-in-class development practices.
- Experience with cloud computing/elastic computing across virtualized environments.
- Experience with PCI DSS.
- Strong analytical and problem-solving skills.
Additional Information
This position is eligible for relocation. This position allows a flexible work arrangement meaning you may work on-site and/or remotely from the Utah area.
Pay Transparency
Thrivent provides Equal Employment Opportunity (EEO) without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, national origin, age, disability, marital status, citizenship status, military or veteran status, genetic information, or any other status protected by applicable local, state, or federal law. This policy applies to all employees and job applicants.
Thrivent is committed to providing reasonable accommodation to individuals with disabilities. If you need a reasonable accommodation, please let us know by sending an email to human.resources@thrivent.com or call 800-847-4836 and request Human Resources.