×
Register Here to Apply for Jobs or Post Jobs. X

Manager, Information Security Assurance Services

Job in Coeur d'Alene, Coeur d Alene, Kootenai County, Idaho, 83814, USA
Listing for: Thrivent
Full Time position
Listed on 2026-07-07
Job specializations:
  • IT/Tech
    Information Security, Cybersecurity, IT Project Manager
Salary/Wage Range or Industry Benchmark: 146428 - 198108 USD Yearly USD 146428.00 198108.00 YEAR
Job Description & How to Apply Below
Location: Coeur d'Alene

The Manager, Information Security Assurance Services is responsible for leading the design, build, and continuous maturation of the program. This role requires a proven track record of establishing and scaling information security assurance capabilities, including control frameworks, regulatory compliance, audit readiness, information security awareness, policy governance, third‑party risk management, and Payment Card Industry Data Security Standards (PCI DSS). The leader will oversee a team accountable for executing and evolving assurance processes, with a clear mandate to drive automation, standardization, and gain operational efficiency across all Assurance Services products and services.

The role partners closely with business, technology, and regulatory stakeholders to ensure controls are effectively implemented, measured, and aligned to organizational risk tolerance and regulatory requirements. The ideal candidate brings demonstrated experience building GRC programs from the ground up and advancing them to a mature, technology‑enabled function, leveraging automation, integrated tooling, and data‑driven insights to reduce manual effort, improve control effectiveness, and enhance transparency.

This role will be responsible for executing the strategic direction, establishing scalable processes, and ensuring the team delivers consistent, high‑quality outcomes that strengthen the organization’s overall security posture and resilience.

Job Duties and Responsibilities
  • Program leadership across assurance domains — Lead and continuously mature governance, controls design and testing, audit and regulatory response, security awareness, policy governance, third‑party/vendor risk management (TPRM), and the PCI DSS program, with full accountability for adherence to established controls, policies, and regulatory requirements.
  • Hands‑on subject matter expertise — Serve as the team's go‑to expert across information security assurance disciplines. Step in as an active contributor on control narratives, audit walkthroughs, regulator engagements, and remediation plans when program needs demand it.
  • Control framework ownership — Build, maintain, and continuously improve the control framework, ensuring alignment with NYDFS Part 500, NIST Cybersecurity Framework, CIS Controls, HIPAA, FDIC, PCI DSS v4.x, and other applicable standards. Maintain control libraries, control‑to‑framework mappings, and a defensible evidence model.
  • Audit and regulatory response — Direct the end‑to‑end response to internal audits, external audits, regulatory examinations, and PCI engagements. Personally review high‑risk responses, evidence packages, and management responses prior to submission.
  • PCI DSS program oversight — Provide senior oversight and governance of the PCI DSS v4.x program, including scope validation, strategy, control implementation, ISA coordination, AOC/ROC readiness, compensating controls, and establish a clear multi‑year roadmap to support enterprise goals.
  • Third‑party risk management — Mature the TPRM program including inherent risk tiering, due diligence depth‑of‑review, contractual security requirements, ongoing monitoring, fourth‑party visibility, and concentration risk reporting.
  • Policy governance — Own the enterprise information security policy governance (policies, standards, procedures, guidelines), including a defined lifecycle, exception management, ownership accountability, and executive committee approval cadence.
  • Security awareness — Direct the strategy, content, and measurement of the enterprise information security awareness program, including annual training, role‑based training, phishing simulations, and Cybersecurity Awareness Month (CSAM) campaigns and activities.
  • Executive translation and stakeholder partnership — Translate strategic priorities, regulatory expectations, and informal executive conversations into structured roadmaps, OKRs, deliverables, sprint commitments, and team execution plans. Partner with business, technology, regulatory stakeholders, and third parties to communicate complex issues, drive alignment on contentious topics, and advocate for business‑aligned outcomes.
  • People leadership…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary