Umpqua Bank IT Governance Manager in Hillsboro, Oregon

JOB PURPOSE

Responsible for managing and leading the first line of defense IT and Cybersecurity Governance programs. The incumbent will establish and maintain the IT operating model and facilitate the development of technology policies and standards, conduct and oversee risk assessments, and ensure compliance with applicable regulatory and legal requirements in alignment with industry best practices.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes including IT SOX compliance. Leverage industry best practices,

regulatory standards and frameworks including, but not limited to: FFIEC CAT, CIS, ISO 27001/2, COBIT, ITIL, NIST, PCI-DSS, SOX, etc. in maintaining a robust IT governance program for Umpqua.

• Drive continuous improvement through advance knowledge of the field of IT and Cybersecurity risk management processes (information inventory management, information assurance data collection, analysis, mitigation, and reporting). Responsible for coaching, reviewing, and approving risk and control due diligence assessment reports.

• Oversee monitoring, remediation, and reporting of controls gaps in the IT and Cybersecurity program areas. Provide management level status update and risk profile dashboards including current and desired future state of control maturity. Identify trends and early indicators in issues and escalate or report to management as appropriate.

• Responsible for advising technology leadership and teams on IT risk management issues including risk and control gap assessments and developing mitigation strategies.

• Responsible for staying current with industry best practices frameworks, regulatory, and legal requirements relevant to the processes associated with IT and Cybersecurity risk management. Drive the creation and administration of policies, standards, procedures, job aids and processes.

• Facilitate and liaise with technology leaders, key corporate risk groups (including Internal Audit, Corporate Compliance, Enterprise Risk Management, Legal) to ensure TAG is aligned with these groups and meeting obligations.

• Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.

• Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.

• Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description.

• May be asked to coach, mentor, or train others and teach coursework as subject matter expert.

• Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.

• Takes personal initiative and is a positive example for others to emulate.

• Embraces our vision to become "The World's Greatest Bank."

• May perform other duties as assigned.

SUPERVISORY RESPONSIBILITIES 4

REQUIRED KNOWLEDGE, SKILLS AND ABILITIES

• Bachelor’s degree in Computer Science, or equivalent field, required.

• CISA, CRISC, CISSP, CISM, or SANS GIAC (GSNA, etc.) Certification, required.

• 8+ years of experience in or a combination of information security, IT audit, or information technology operations, required.

• 3 – 5 years of supervisory/management experience, required.

• Proven strong leadership abilities with the capability to develop, coach, and guide IT GRC team members.

• Extensive experience in risk management processes including IT and information security management and expertise in reviewing System and Organization Controls (SOC) reports (or equivalent). Experience evaluating controls relative to IT and information security frameworks such as CIS, ISO 27002, SOX, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).

• Proficient with systems and network concepts and architecture including: protocols, access, authorization, configuration, and design.

• Advanced understanding of information security concepts including: encryption, access controls, network security, security operations, security architect, threat modeling and design.

• Extensive knowledge of applicable regulatory and industry requirements including, FFIEC IT Handbook, PCI DSS, GLBA, SOX, and HIPAA.

• Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.

• Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment; demonstrate extreme flexibility and responsiveness.

PHYSICAL AND ENVIRONMENTAL DEMANDS

• Office environment – no specific or unusual physical or environmental demands.

• Occasional travel.

About Us

We do things a little differently here at Umpqua. Our retail stores serve as community hubs, our associates are given up to 40 hours of volunteer time each year, and we're never satisfied with the status quo. It's no wonder we've made "Fortune's 100 Best Companies to Work For" eight years in a row. But greatness has no finish line, so we continue every day to keep people at the center of everything we do. We focus on building relationships, understanding our customers' needs and connecting to people in new and innovative ways -- always staying true to our mission of providing personalized banking for all people, whenever and however they prefer to bank.

Umpqua Bank is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, protected veteran status, or disability. We maintain a drug-free workplace and may perform pre-employment substance abuse testing.

*LI-UP