Experienced Information Security Manager – Technology Risk & Compliance Oversight (GRC)
---
About arenaflex
At arenaflex, we believe in powering connections and creating meaningful experiences for our customers worldwide. As a globally recognized financial services leader, we are committed to delivering exceptional service while maintaining the highest standards of security, integrity, and compliance. Our mission is to create a secure and resilient operating environment that protects our customers, employees, and stakeholders in an increasingly digital world.
The Governance, Risk, and Compliance (GRC) team at arenaflex plays a pivotal role in ensuring that our organization operates safely and responsibly within regulatory expectations. In today's rapidly evolving digital landscape, technology risk management has become a critical priority at the highest levels of executive leadership. Cyberattacks and security threats continue to escalate in frequency and sophistication, making robust risk oversight more important than ever before.
Position Overview
We are currently seeking a highly skilled and experienced Information Security Manager to join our second-line technology risk oversight team within the GRC function. This role reports directly to the Chief Risk Officer (CRO) and offers a unique opportunity to work alongside a diverse team of talented professionals who are responsible for building our technology risk management program and providing independent risk oversight across technology, cybersecurity, and business continuity management domains.
This is an exceptional career opportunity for professionals who are passionate about cybersecurity, risk management, and compliance. You will play a crucial role in independently assessing and reporting on risks while providing a comprehensive view of total risk exposure to senior management, risk management committees, the Board of Directors, and regulatory bodies.
Key Responsibilities
As an Information Security Manager at arenaflex, you will be responsible for the following core functions:
Lead independent, proactive risk management and oversight of technology, cybersecurity, and business continuity management risks generated within business processes or arising from the use of technology solutions
Perform data-driven reviews focused on technology processes, cybersecurity controls, and business continuity management risks to identify gaps and improvement opportunities
Conduct exploratory data analysis on large sets of structured data using SQL, Python, and Excel to develop meaningful insights on cybersecurity and technology-related information
Develop and enhance data-driven key risk indicators (KRIs) and key performance indicators (KPIs) that provide real-time insights into risk and performance trends across the organization
Learn technology, cybersecurity, and business continuity management processes at arenaflex, demonstrating strong interest and readiness to present effective valid assessments to stakeholders
Stay current with relevant regulations, guidelines, and industry standards including OCC Enhanced Standards, FFIEC IT booklets, COSO, COBIT, ISO 27001, FAIR, and NIST RMF frameworks
Support the design of independent technology risk oversight programs that define integration with various risk management programs including Process Risk Self Assessments, Business Continuity Management, New Product Approval, and Mergers & Acquisitions
Collaborate effectively with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently according to company policies and applicable regulatory requirements
Communicate risk findings and recommendations clearly to senior management, risk committees, and board-level audiences
Challenge conventional thinking by actively engaging in constructive dialogue to improve risk management practices
Essential Qualifications
To be considered for this role, candidates must meet the following requirements:
Bachelor's degree in a related field such as Computer Science, Information Systems, or equivalent professional experience
Minimum 5 years of experience in risk management across any of the three lines of defense (first line, second line, or third line)
Demonstrated ability to identify risks, analyze issues, and derive meaningful insights about risk trends by conducting interviews and examining large volumes of data
Strong knowledge of infrastructure, cloud security, cyber threat intelligence, and cyber incident response areas
Excellent analytical skills with high attention to detail and accuracy
Proficiency in at least one data mining/big data analytics tool such as Microsoft Excel (Pivot Tables), SQL, SAS, Python, or R
Strong critical thinking and problem-solving skills with the ability to synthesize complex information
Self-motivation and ability to work with minimal supervision while meeting deadlines
Excellent verbal, written, and interpersonal communication skills with the ability to present technical concepts to non-technical audiences
Ability to challenge traditional thinking by actively engaging in constructive dialogue with stakeholders at all levels
Preferred Qualifications
Candidates with the following qualifications will be given preferential consideration:
Educational background in Computer Science or Information Systems
Experience in risk management across cybersecurity, information technology, third-party risk, and business continuity management
Industry certifications such as CISM, CISA, CRISC, or CISSP
Cloud security certifications including CCSK, CompTIA Cloud+, CCSP, or Azure Security
Understanding of risk assessment methodologies, techniques, and industry standards including COSO, COBIT, ISO 27001, FAIR, or NIST RMF
Knowledge of relevant policies and regulations including OCC Enhanced Standards and FFIEC IT booklets
Experience with Governance, Risk, and Compliance (GRC) tools
Career Growth and Development
At arenaflex, we are committed to the professional development and career growth of our employees. As an Information Security Manager, you will have access to numerous opportunities for advancement and skill development:
Leadership Development Programs designed to prepare high-potential employees for senior management roles
Continuous Learning Opportunities including formal training, certifications, and professional development courses
Exposure to Executive Leadership with regular interaction with C-suite executives and board-level committees
Cross-functional Collaboration working with diverse teams across technology, cybersecurity, legal, and business units
Industry Recognition through participation in industry conferences, working groups, and professional associations
Career Path Advancement with potential progression to Senior Manager, Director, or Chief Information Security Officer roles
Work Environment and Culture
arenaflex fosters an inclusive, collaborative, and innovative work environment where diverse perspectives are valued and celebrated. Our culture is built on the following core principles:
Integrity and Trust - We operate with transparency, honesty, and ethical behavior in everything we do
Customer Centricity - We are committed to delivering exceptional value to our customers and stakeholders
Teamwork and Collaboration - We believe in the power of working together to achieve common goals
Innovation and Excellence - We embrace change and continuously seek better ways to solve problems
Work-Life Balance - We support our employees' well-being with flexible work arrangements and comprehensive wellness programs
Our GRC team is composed of diverse and talented professionals who are passionate about protecting the organization and ensuring compliance with regulatory requirements. You will have the opportunity to work with industry experts, participate in meaningful projects, and contribute to the overall security posture of the organization.
Compensation and Benefits
arenaflex offers a competitive compensation package that includes:
Competitive Salary commensurate with experience and qualifications
Annual Bonus Program to reward performance and contributions
Comprehensive Health Benefits including medical, dental, and vision coverage
Retirement Savings Plan with company matching contributions
Paid Time Off including vacation, personal days, and holidays
Professional Development Reimbursement for certifications, training, and education
Employee Assistance Program for personal and professional support
Various Employee Perks and discounts on products and services
How to Apply
If you are a motivated professional with a passion for cybersecurity, risk management, and compliance, we encourage you to apply for this exciting opportunity at arenaflex. This is your chance to join a world-class team and make a meaningful impact on the organization's security posture.
To apply, please submit your updated resume and cover letter highlighting your relevant experience and qualifications. Our recruiting team will review all applications and contact qualified candidates for further consideration.
Join arenaflex today and become part of a team that values excellence, integrity, and innovation. We look forward to receiving your application!
About arenaflex
At arenaflex, we believe in powering connections and creating meaningful experiences for our customers worldwide. As a globally recognized financial services leader, we are committed to delivering exceptional service while maintaining the highest standards of security, integrity, and compliance. Our mission is to create a secure and resilient operating environment that protects our customers, employees, and stakeholders in an increasingly digital world.
The Governance, Risk, and Compliance (GRC) team at arenaflex plays a pivotal role in ensuring that our organization operates safely and responsibly within regulatory expectations. In today's rapidly evolving digital landscape, technology risk management has become a critical priority at the highest levels of executive leadership. Cyberattacks and security threats continue to escalate in frequency and sophistication, making robust risk oversight more important than ever before.
Position Overview
We are currently seeking a highly skilled and experienced Information Security Manager to join our second-line technology risk oversight team within the GRC function. This role reports directly to the Chief Risk Officer (CRO) and offers a unique opportunity to work alongside a diverse team of talented professionals who are responsible for building our technology risk management program and providing independent risk oversight across technology, cybersecurity, and business continuity management domains.
This is an exceptional career opportunity for professionals who are passionate about cybersecurity, risk management, and compliance. You will play a crucial role in independently assessing and reporting on risks while providing a comprehensive view of total risk exposure to senior management, risk management committees, the Board of Directors, and regulatory bodies.
Key Responsibilities
As an Information Security Manager at arenaflex, you will be responsible for the following core functions:
Lead independent, proactive risk management and oversight of technology, cybersecurity, and business continuity management risks generated within business processes or arising from the use of technology solutions
Perform data-driven reviews focused on technology processes, cybersecurity controls, and business continuity management risks to identify gaps and improvement opportunities
Conduct exploratory data analysis on large sets of structured data using SQL, Python, and Excel to develop meaningful insights on cybersecurity and technology-related information
Develop and enhance data-driven key risk indicators (KRIs) and key performance indicators (KPIs) that provide real-time insights into risk and performance trends across the organization
Learn technology, cybersecurity, and business continuity management processes at arenaflex, demonstrating strong interest and readiness to present effective valid assessments to stakeholders
Stay current with relevant regulations, guidelines, and industry standards including OCC Enhanced Standards, FFIEC IT booklets, COSO, COBIT, ISO 27001, FAIR, and NIST RMF frameworks
Support the design of independent technology risk oversight programs that define integration with various risk management programs including Process Risk Self Assessments, Business Continuity Management, New Product Approval, and Mergers & Acquisitions
Collaborate effectively with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently according to company policies and applicable regulatory requirements
Communicate risk findings and recommendations clearly to senior management, risk committees, and board-level audiences
Challenge conventional thinking by actively engaging in constructive dialogue to improve risk management practices
Essential Qualifications
To be considered for this role, candidates must meet the following requirements:
Bachelor's degree in a related field such as Computer Science, Information Systems, or equivalent professional experience
Minimum 5 years of experience in risk management across any of the three lines of defense (first line, second line, or third line)
Demonstrated ability to identify risks, analyze issues, and derive meaningful insights about risk trends by conducting interviews and examining large volumes of data
Strong knowledge of infrastructure, cloud security, cyber threat intelligence, and cyber incident response areas
Excellent analytical skills with high attention to detail and accuracy
Proficiency in at least one data mining/big data analytics tool such as Microsoft Excel (Pivot Tables), SQL, SAS, Python, or R
Strong critical thinking and problem-solving skills with the ability to synthesize complex information
Self-motivation and ability to work with minimal supervision while meeting deadlines
Excellent verbal, written, and interpersonal communication skills with the ability to present technical concepts to non-technical audiences
Ability to challenge traditional thinking by actively engaging in constructive dialogue with stakeholders at all levels
Preferred Qualifications
Candidates with the following qualifications will be given preferential consideration:
Educational background in Computer Science or Information Systems
Experience in risk management across cybersecurity, information technology, third-party risk, and business continuity management
Industry certifications such as CISM, CISA, CRISC, or CISSP
Cloud security certifications including CCSK, CompTIA Cloud+, CCSP, or Azure Security
Understanding of risk assessment methodologies, techniques, and industry standards including COSO, COBIT, ISO 27001, FAIR, or NIST RMF
Knowledge of relevant policies and regulations including OCC Enhanced Standards and FFIEC IT booklets
Experience with Governance, Risk, and Compliance (GRC) tools
Career Growth and Development
At arenaflex, we are committed to the professional development and career growth of our employees. As an Information Security Manager, you will have access to numerous opportunities for advancement and skill development:
Leadership Development Programs designed to prepare high-potential employees for senior management roles
Continuous Learning Opportunities including formal training, certifications, and professional development courses
Exposure to Executive Leadership with regular interaction with C-suite executives and board-level committees
Cross-functional Collaboration working with diverse teams across technology, cybersecurity, legal, and business units
Industry Recognition through participation in industry conferences, working groups, and professional associations
Career Path Advancement with potential progression to Senior Manager, Director, or Chief Information Security Officer roles
Work Environment and Culture
arenaflex fosters an inclusive, collaborative, and innovative work environment where diverse perspectives are valued and celebrated. Our culture is built on the following core principles:
Integrity and Trust - We operate with transparency, honesty, and ethical behavior in everything we do
Customer Centricity - We are committed to delivering exceptional value to our customers and stakeholders
Teamwork and Collaboration - We believe in the power of working together to achieve common goals
Innovation and Excellence - We embrace change and continuously seek better ways to solve problems
Work-Life Balance - We support our employees' well-being with flexible work arrangements and comprehensive wellness programs
Our GRC team is composed of diverse and talented professionals who are passionate about protecting the organization and ensuring compliance with regulatory requirements. You will have the opportunity to work with industry experts, participate in meaningful projects, and contribute to the overall security posture of the organization.
Compensation and Benefits
arenaflex offers a competitive compensation package that includes:
Competitive Salary commensurate with experience and qualifications
Annual Bonus Program to reward performance and contributions
Comprehensive Health Benefits including medical, dental, and vision coverage
Retirement Savings Plan with company matching contributions
Paid Time Off including vacation, personal days, and holidays
Professional Development Reimbursement for certifications, training, and education
Employee Assistance Program for personal and professional support
Various Employee Perks and discounts on products and services
How to Apply
If you are a motivated professional with a passion for cybersecurity, risk management, and compliance, we encourage you to apply for this exciting opportunity at arenaflex. This is your chance to join a world-class team and make a meaningful impact on the organization's security posture.
To apply, please submit your updated resume and cover letter highlighting your relevant experience and qualifications. Our recruiting team will review all applications and contact qualified candidates for further consideration.
Join arenaflex today and become part of a team that values excellence, integrity, and innovation. We look forward to receiving your application!