Senior Information Security Manager – Enterprise GRC & Cyber Risk Leadership at arenaflex (Remote, Full‑Time)

About arenaflex

arenaflex is a global leader in financial services, renowned for its innovative approach to digital transformation and its unwavering commitment to security, compliance, and customer trust. With a workforce spanning continents and a culture that celebrates curiosity, collaboration, and continuous learning, arenaflex empowers its employees to shape the future of secure finance. As the world becomes ever more interconnected, the need for robust information security and governance, risk, and compliance (GRC) frameworks has never been greater. This is your chance to join a forward‑thinking organization that places technology risk at the heart of its strategic agenda, while delivering world‑class products and services to millions of customers worldwide.

Why This Role Matters

In today’s hyper‑connected environment, cyber threats evolve at a breakneck pace. The Information Security Manager you will become is a pivotal member of arenaflex’s second‑line risk function, reporting directly to the Chief Risk Officer (CRO). You will partner with senior leaders, business owners, and technical teams to identify, assess, and mitigate information security risks across the enterprise. Your insights will shape board‑level discussions, influence strategic investments, and ensure that arenaflex remains resilient against emerging threats while complying with global regulatory standards.

Key Responsibilities

• Strategic Risk Oversight: Lead the independent, proactive governance of information security, network security, and business continuity risks that arise from technology initiatives, mergers, acquisitions, and day‑to‑day operations.
• Data‑Driven Audits: Design and execute risk‑based audits focused on security processes, network controls, and business continuity plans, delivering clear findings and actionable recommendations.
• Advanced Analytics: Conduct exploratory data analysis on large volumes of system logs and configuration data using SQL, Python, and Microsoft Power BI to uncover hidden risk patterns and trends.
• Metrics & Reporting: Develop and maintain risk‑based key risk indicators (KRIs) and performance metrics that provide continuous insight into risk posture and operational effectiveness for senior leadership, risk committees, and the board.
• Policy & Framework Alignment: Stay current with applicable regulations, standards, and industry best practices (e.g., ISO 27001, NIST RMF, COSO, COBIT) and ensure arenaflex’s security policies reflect these requirements.
• Program Development: Contribute to the design and enhancement of the enterprise risk management program, integrating initiatives such as Third‑Party Risk Assessments, Business Continuity Management, New Product Onboarding, and Post‑Merger Integration.
• Collaboration & Influence: Partner with cross‑functional stakeholders—including IT, legal, compliance, and business units—to embed security considerations early in project lifecycles and to drive a culture of risk awareness.
• Thought Leadership: Mentor junior risk analysts, lead risk workshops, and present findings to executive audiences, translating complex technical concepts into clear business implications.

Essential Qualifications

• Minimum 5 years of experience in risk management across at least two of the three lines of defense (operations, compliance, or audit).
• Demonstrated ability to identify risks, analyze issues, and extract actionable insights from large data sets through structured interviews and data mining.
• Strong knowledge of security domains, cloud security, data analytics, and incident response.
• Proficiency with at least one data mining/big‑data analytics tool (e.g., Microsoft Power BI, Tableau, SQL, Python, R, SAS).
• Excellent analytical, problem‑solving, and critical‑thinking abilities, with a meticulous attention to detail.
• Outstanding verbal, written, and interpersonal communication skills; ability to influence senior stakeholders without direct authority.
• Self‑starter mindset with the capacity to work independently in a remote environment while maintaining high productivity.

Preferred Qualifications & Certifications

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related discipline (advanced degree a plus).
• Professional certifications such as CISM, CISA, CRISC, CISSP, CCSK, CompTIA Cloud+, CCSP, or Purple Team certifications.
• Hands‑on experience with risk assessment methodologies and frameworks (e.g., FAIR, NIST RMF, ISO 27001, COSO, COBIT).
• Familiarity with regulatory guidance specific to the financial sector (e.g., OCC Guidelines, FFIEC IT Handbooks).
• Experience with governance, risk, and compliance platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC).
• Background in software engineering or data engineering, enhancing the ability to assess technical risk at the code and architecture level.

Core Skills & Competencies

• Technical Acumen: Deep understanding of network security controls, cloud architectures (AWS, Azure, GCP), and data protection mechanisms.
• Analytical Expertise: Ability to translate raw security data into meaningful risk narratives using statistical and visual analytics.
• Regulatory Insight: Knowledge of global compliance regimes and the ability to map technical controls to regulatory requirements.
• Collaboration: Proven track record of working effectively with cross‑functional teams, influencing outcomes, and driving consensus.
• Communication: Strong presentation skills, capable of delivering complex risk assessments to both technical and non‑technical audiences.
• Adaptability: Comfortable navigating a fast‑changing threat landscape and adjusting risk strategies accordingly.

Career Growth & Learning Opportunities

arenaflex invests heavily in the professional development of its employees. As an Information Security Manager, you will have access to:

• Continuous learning budgets for certifications, conferences, and advanced training.
• Mentorship programs pairing you with senior security leaders and CRO‑level executives.
• Opportunities to lead high‑visibility projects, such as enterprise‑wide risk assessments, cloud migration security reviews, and post‑merger integration risk programs.
• Cross‑functional rotations that broaden your expertise across compliance, audit, and operational risk domains.
• A clear promotion pathway toward senior leadership roles, including Director of Information Security, Chief Information Security Officer (CISO), or Head of Enterprise Risk Management.

Work Environment & Culture at arenaflex

arenaflex embraces a flexible, remote‑first work model that empowers you to deliver your best work from anywhere. Our culture is built on three pillars:

• Innovation: We encourage experimentation, provide cutting‑edge tools, and celebrate creative solutions to complex security challenges.
• Collaboration: Virtual “risk cafés,” cross‑team hackathons, and regular town‑hall meetings foster a sense of community and shared purpose.
• Integrity: Ethical decision‑making and transparency are at the core of everything we do, reinforcing trust with customers, regulators, and each other.

Our employees enjoy a supportive environment where work‑life balance is respected, and mental‑wellness resources are readily available. Whether you prefer structured routines or flexible schedules, arenaflex provides the autonomy you need to thrive.

Compensation, Perks & Benefits

While specific salary ranges are competitive and commensurate with experience, arenaflex offers a comprehensive benefits package that includes:

• Base salary plus performance‑based bonuses.
• Health, dental, and vision insurance with generous employer contributions.
• Retirement savings plans with matching contributions.
• Paid time off, parental leave, and flexible holidays.
• Remote‑work stipend covering home‑office equipment, internet, and coworking space access.
• Professional development allowance for certifications, courses, and industry conferences.
• Employee assistance programs, wellness initiatives, and mental‑health resources.
• Employee stock purchase plans and equity participation for eligible staff.

How to Apply

If you are a proactive, data‑driven security professional ready to influence enterprise risk at a global financial institution, we want to hear from you. Join arenaflex’s mission to protect the future of finance while advancing your own career.

Apply Job!