Job Requirements of IT GRC & Security Risk Manager:
- Employment Type: Full-Time
- Location: Des Moines, IA (Onsite)
IT GRC & Security Risk Manager
Title: IT GRC & Security Risk Manager
Location: Des Moines, Iowa
Type: Direct Hire
Pay: $125,000 - $135,000
Job Description:
The IT GRC & Security Risk Manager is a leadership role responsible for overseeing the integration of Governance, Risk, and Compliance (GRC), IT Security, and Audit functions. This position will have oversight of, and set the strategic direction for, IT security operations, risk management, and compliance, ensuring alignment with regulatory requirements and industry best practices. The manager will lead the development and compliance of IT governance, security policies, and standards, working closely with cross-functional teams, including Legal, Risk, Audit, and Technology departments. Additionally, they will oversee asset management, identity access management, and audit remediation, and drive continuous improvement in the organization's security posture, risk mitigation strategies, and the ongoing maturity of security and compliance frameworks.
Responsibilities:
- Develops and oversees the implementation of the enterprise-wide IT security strategy, ensuring alignment with business objectives and regulatory requirements.
- Oversees the design, implementation, and maintenance of robust security architectures and frameworks to ensure resilience against cyber threats.
- Manages the development, implementation, and compliance of information security policies, procedures, and standards to protect critical assets.
- Leads and directs security operations, including threat detection, incident response, and vulnerability management, ensuring timely remediation of security incidents.
- Oversees the audit and compliance programs, ensuring adherence to internal controls, regulatory standards, and audit requirements.
- Collaborates with cross-functional teams and external partners to enhance the organization's cybersecurity posture, including managing relationships with regulators and auditors.
- Provides strategic leadership for identity and access management (IAM) programs, ensuring secure and efficient access to IT resources.
- Leads the continuous improvement of IT governance practices, driving innovation and process optimization in compliance and security operations.
- Directs the integration of security and compliance considerations into the software development lifecycle and IT infrastructure projects.
- Mentors and develops security and compliance staff, fostering a culture of professional growth and continuous learning.
- Develops and maintains reporting mechanisms to communicate the organization's security and compliance posture to senior management and the board of directors.
- Acts as a thought leader in IT security and compliance, staying abreast of emerging threats, technologies, and best practices to continuously enhance the organization's capabilities.
- Performs other duties as assigned.
Requirements:
- Four-year degree in a related field is required
- At least ten years of relevant experience or equivalent combination of experience and education
- Prior supervisory experience is required
- CISSP, CISM, CRISC, or equivalent certifications
- Proven track record of strategic leadership in IT security and compliance, preferably in the banking or financial services industry
- Experience as a security professional with proven people management and leadership skills within the security industry
- Experience with security tools and platforms, including SIEM, IPS/IDS, DLP, Application Whitelisting, Email Security, Endpoint and Server protection, Network protection, Firewalls, etc.
- Extensive experience in cyber threat and vulnerability analysis and remediation
- Significant experience involving internal and external penetration testing and application testing
- Prior working experience in the banking industry is preferred
- 4+ years of experience in any of the following security and control frameworks is preferred:
- NIST Cybersecurity Framework, CRI Profile, CIS, NIST, FFIEC IT Examination Handbook, MITRE ATT&CK or COBIT
Welcome to ConsultNet and the family of companies, Tekne, SaltClick, TechBridge, and OmniMedia. As a premier national provider of technology talent and solutions, our expertise spans across project services, contract-to-hire, direct placement, and managed services both onshore and nearshore.
Celebrating more than 25 years of partnership with a diverse client base, we've crafted rewarding opportunities for our consultants, fostering high-performing teams that deliver impactful results.
Over the last few years thousands of consultants have found their calling with us in roles that have made a meaningful impact on their lives, enhanced their career, challenged them, and propelled them towards achieving their personal and professional goals. At the ConsultNet family of companies, we believe effective communication is crucial in aligning the right job with your unique skills and professional aspirations. To us, it's all about the personal approach we take and the values we uphold.
Our comprehensive service offerings cover a wide range of technology positions across key markets nationwide. Client more at
.We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.