Information Security Risk Manager

The targeted hiring range for this full-time position is $116,400 - $157,100 depending on qualifications; however, the expanded salary range provides opportunities for advancement. Our salary ranges are determined by role, level, and job location. Within the range, individual pay is determined by factors including job-related skills, competencies, experience, and relevant education, training or a combination of these things and market demand. Your recruiter can share more about the specific salary range and benefits for your location during the hiring process.Our comprehensive benefits package for full-time employees includes medical, dental, and vision coverage, along with health savings and flexible spending accounts, life and disability insurance, generous paid time off and holidays, a 401(k) match, employee discounts, and valuable well-being benefits like free EAP services, financial planning assistance, and well-being coaching all designed to support your health and financial security.Red Wing Shoe Company is looking for an experienced Information Security Risk Manager to join our team to manage Governance, Risk, and Compliance (GRC) activities within our Information Security Program. Reporting to the Director of Information Security, this role is focused on developing, maintaining, and managing Red Wing’s Information Security GRC processes and functions. The Information Security Risk Manager will drive information security risk identification, tracking, and remediation efforts internally and with critical third-party vendors and partners.The Information Security Risk Manager will monitor Red Wing’s compliance with key security regulations and standards and provide risk consulting, guidance, and training to internal business and technical partners on security policies, standards, and regulations related to their business areas and projects.ESSENTIAL DUTIES AND RESPONSIBILITIESManage the information security risk management process, including identifying, assessing, mitigating, and monitoring risks.Oversee the PCI-DSS compliance program, ensuring payment channels remain compliant, resolving issues, and reporting annually.Build relationships with key business partners to address information security risks and implement effective remediation plans.Lead third-party and vendor risk management programs, ensuring external partner security and compliance are monitored and reported.Collaborate with cross-functional teams to ensure DevSecOps processes adhere to regulatory requirements, security policies, and controls.Develop and deliver user security awareness training and foster a strong security culture.Support vulnerability management, coordinating to identify, prioritize, and remediate security gaps.Establish and maintain security policies and standards aligned with the company’s security strategy.Monitor and report on the Information Security Program’s effectiveness, driving continuous improvement.Stay informed of industry best practices, regulatory requirements, and emerging threats to enhance the company’s security posture.