Information Security Risk Manager

Red Wing Shoe Company

Information Security Risk Manager

Red Wing, MN
Full Time
Paid
  • Responsibilities

    Job Description

    The targeted hiring range for this full-time position is $116,400 - $157,100 depending on qualifications; however, the expanded salary range provides opportunities for advancement. Our salary ranges are determined by role, level, and job location. Within the range, individual pay is determined by factors including job-related skills, competencies, experience, and relevant education, training or a combination of these things and market demand. Your recruiter can share more about the specific salary range and benefits for your location during the hiring process.

    Our comprehensive benefits package for full-time employees includes medical, dental, and vision coverage, along with health savings and flexible spending accounts, life and disability insurance, generous paid time off and holidays, a 401(k) match, employee discounts, and valuable well-being benefits like free EAP services, financial planning assistance, and well-being coaching all designed to support your health and financial security.

    Red Wing Shoe Company is looking for an experienced Information Security Risk Manager to join our team to manage Governance, Risk, and Compliance (GRC) activities within our Information Security Program. Reporting to the Director of Information Security, this role is focused on developing, maintaining, and managing Red Wing’s Information Security GRC processes and functions. The Information Security Risk Manager will drive information security risk identification, tracking, and remediation efforts internally and with critical third-party vendors and partners.

    The Information Security Risk Manager will monitor Red Wing’s compliance with key security regulations and standards and provide risk consulting, guidance, and training to internal business and technical partners on security policies, standards, and regulations related to their business areas and projects.

    ESSENTIAL DUTIES AND RESPONSIBILITIES

    • Manage the information security risk management process, including identifying, assessing, mitigating, and monitoring risks.
    • Oversee the PCI-DSS compliance program, ensuring payment channels remain compliant, resolving issues, and reporting annually.
    • Build relationships with key business partners to address information security risks and implement effective remediation plans.
    • Lead third-party and vendor risk management programs, ensuring external partner security and compliance are monitored and reported.
    • Collaborate with cross-functional teams to ensure DevSecOps processes adhere to regulatory requirements, security policies, and controls.
    • Develop and deliver user security awareness training and foster a strong security culture.
    • Support vulnerability management, coordinating to identify, prioritize, and remediate security gaps.
    • Establish and maintain security policies and standards aligned with the company’s security strategy.
    • Monitor and report on the Information Security Program’s effectiveness, driving continuous improvement.
    • Stay informed of industry best practices, regulatory requirements, and emerging threats to enhance the company’s security posture.
  • Qualifications

    Qualifications

    MINIMUM EDUCATION AND YEARS OF EXPERIENCE:

    • A bachelor's degree in Information Security, Computer Science, or a related field.
    • A minimum of 7 years of experience in information security, with a focus on risk management, GRC, and/or vulnerability management.
    • Relevant professional certifications, such as CISSP, CISM, CRISC, or CISA, are preferred.

    REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:S)

    • Experience managing and/or assessing information security risk management processes, GRC functions, and/or vulnerability management.
    • Strong knowledge of, and experience managing, Payment Card Industry Data Security Standards (PCI-DSS) compliance.
    • Strong knowledge of information security principles, best practices, and industry standards, such as CIS Critical Security Controls, ISO 27001, NIST, and GDPR.
    • Experience performing technical risk analysis using quantitative risk methodologies, such as FAIR (Factor Analysis of Information Risk)
    • Familiarity with third-party and vendor risk management concepts, processes, and tools.
    • Experience developing and delivering security awareness training programs for a diverse audience.
    • Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
    • Strong documentation, planning, negotiation, work prioritization and organizational skills.
    • Team player willing and able to promote a working environment that encourages and increases collaboration, clarity, and innovation.

    Additional Information

    Red Wing Shoes is an Equal Opportunity Employer .

    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
    Individuals with disabilities needing assistance in completing an application may contact rwsc.recruitment@redwingshoes.com or call 651-388-8211.

    Please view Equal Employment Opportunity Posters provided by OFCCP at https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm

    All offers of employment are contingent on satisfactory results of a background check.

    Red Wing Shoe Company, Inc. is a drug-free workplace.

    Red Wing Shoe Company will not be using recruitment agencies or firms to fill this position and we will not accept unsolicited resumes or candidate information. No agency calls please.

    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

  • Industry
    Retail