Information Security Risk Manager

Watch here to see what it's like to work at Red Wing Shoe Company.

Red Wing Shoe Company is based in Red Wing, Minnesota, just 40 minutes from St. Paul, where our corporate office sits along the Mississippi River in downtown Red Wing.  We are a global company with 2300 employees around the world, but we maintain a close-knit family atmosphere that comes with being a privately-held company. We’re rich in history and tradition, but innovation drives us to deliver best-in-class product solutions and highly rated customer experiences.  Focus on our employees and company culture results in meaningful employee engagement across the organization. Our Guiding Behaviors of Living our Values, Honoring our Brands, Inspiring our People, Centering on our Customers, and Preserving the long term success and legacy of our Company are the foundation on which we build our future.

Red Wing Shoe Company is looking for an experienced Information Security Risk Manager to join our team to manage Governance, Risk, and Compliance (GRC) activities within our Information Security Program. Reporting to the Director of Information Security, this role is focused on developing, maintaining, and managing Red Wing’s Information Security GRC processes and functions. The Information Security Risk Manager will drive information security risk identification, tracking, and remediation efforts internally and with critical third-party vendors and partners.

The Information Security Risk Manager will monitor Red Wing’s compliance with key security regulations and standards and provide risk consulting, guidance, and training to internal business and technical partners on security policies, standards, and regulations related to their business areas and projects.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Manage the information security risk management process, including identifying, assessing, mitigating, and monitoring risks.
• Oversee the PCI-DSS compliance program, ensuring payment channels remain compliant, resolving issues, and reporting annually.
• Build relationships with key business partners to address information security risks and implement effective remediation plans.
• Lead third-party and vendor risk management programs, ensuring external partner security and compliance are monitored and reported.
• Collaborate with cross-functional teams to ensure DevSecOps processes adhere to regulatory requirements, security policies, and controls.
• Develop and deliver user security awareness training and foster a strong security culture.
• Support vulnerability management, coordinating to identify, prioritize, and remediate security gaps.
• Establish and maintain security policies and standards aligned with the company’s security strategy.
• Monitor and report on the Information Security Program’s effectiveness, driving continuous improvement.
• Stay informed of industry best practices, regulatory requirements, and emerging threats to enhance the company’s security posture.

MINIMUM EDUCATION AND YEARS OF EXPERIENCE:

• A bachelor's degree in Information Security, Computer Science, or a related field.
• A minimum of 7 years of experience in information security, with a focus on risk management, GRC, and/or vulnerability management.
• Relevant professional certifications, such as CISSP, CISM, CRISC, or CISA, are preferred.

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:S)

• Experience managing and/or assessing information security risk management processes, GRC functions, and/or vulnerability management.
• Strong knowledge of, and experience managing, Payment Card Industry Data Security Standards (PCI-DSS) compliance.
• Strong knowledge of information security principles, best practices, and industry standards, such as CIS Critical Security Controls, ISO 27001, NIST, and GDPR.
• Experience performing technical risk analysis using quantitative risk methodologies, such as FAIR (Factor Analysis of Information Risk)
• Familiarity with third-party and vendor risk management concepts, processes, and tools.
• Experience developing and delivering security awareness training programs for a diverse audience.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
• Strong documentation, planning, negotiation, work prioritization and organizational skills.
• Team player willing and able to promote a working environment that encourages and increases collaboration, clarity, and innovation.

Red Wing Shoes is an Equal Opportunity Employer.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Individuals with disabilities needing assistance in completing an application may contact [email protected] or call 651-388-8211.

Please view Equal Employment Opportunity Posters provided by OFCCP at https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm

All offers of employment are contingent on satisfactory results of a background check.

Red Wing Shoe Company, Inc. is a drug-free workplace.

Red Wing Shoe Company will not be using recruitment agencies or firms to fill this position and we will not accept unsolicited resumes or candidate information. No agency calls please.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)