We are seeking Threat Oversight Officer to join our Compliance team. The threat oversight officer critically reinforces the organization's second line of defense (2LoD) framework, and is responsible for providing independent oversight, rigorous challenge, and governance of cybersecurity risk across the bank, while ensuring cybersecurity risks are identified, assessed, monitored, and reported, in alignment with the bank's risk appetite, regulatory obligations (GLBA, FFIEC, OCC/FDIC), and industry best practices. 

The geographical location for this position is Spokane, WA.

Base Salary Range:

 $100,884.00 - $126,105.00 - $151,326.00 annual

The Role at a Glance:

• Oversees and maintains the Cybersecurity Risk Management Framework, aligning to FFIEC, NIST CSF, and the bank’s Information and Cyber Security Program.
• Maintains and continuously updates cyber risk taxonomies, classification models, and impact assessment criteria.
• Independently reviews and challenges 1LoD cybersecurity risk assessments, control self-assessments (CSAs), and remediation plans.
• Provides formal risk opinions on major technology initiatives, digital transformation efforts, and cloud or third-party onboarding.
• Leads and/or supports thematic reviews of cybersecurity initiatives and emerging risk areas (e.g., zero trust architecture, multi-factor authentication (MFA) implementation, and AI usage) to evaluate risk exposure, control effectiveness, and alignment with security standards.
• Develops and maintains cybersecurity risk metrics and key risk indicators (KRIs) to ensure alignment with the organization’s risk appetite.
• Prepares and delivers executive and board-level risk reporting, highlighting trends, emerging threats, and control gaps.
• Leads and oversees the annual planning of security testing activities to ensure appropriate coverage of key systems and risks.
• Reviews and monitors risk acceptances, control exceptions, audit/regulatory findings, and enforce timely remediation of items. Ensures risk acceptance processes include clear compensating controls, expiration timelines, and documented approvals.
• Provides independent cyber risk oversight for third-party vendors, especially those handling sensitive data or key infrastructure.
• Supports cybersecurity components of internal audits and regulatory examinations (e.g., FDIC, OCC, FFIEC).
• Leads and manages the Bank’s Threat Intelligence program and Information and Cyber Security Council.
• Maintains up-to-date understanding of evolving cybersecurity regulatory expectations.

Core Skills and Qualifications:    

• Bachelor’s degree in Information Security, Risk Management, Information Technology or related field  required.
• 5 years of recent and progressive knowledge and experience in a cybersecurity, IT risk management, or audit role within a financial services environment
• Professional certifications as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Microsoft Azure or equivalent preferred.
• Equivalent combination of education, training, certifications, and/or relevant work experience may be considered.
• Provide an exceptional level of service for internal and external customers, with the ability to build and maintain positive, professional relationships, to successfully interact with all levels of management and functional and cross-functional areas across the organization.
• Excellent listening, verbal, written, and visual communication skills, with the ability to translate complex risk information into clear, actionable reporting and presentations for technical and non-technical audiences. Ability to read, write, speak, and understand English well.
• Strategic in approach to problem solving and decision-making, with demonstrated ability to quickly focus on key issues and make decisions under pressure of time constraints.
• Strong analytical and critical thinking skills, with the ability to independently assess risk decisions and constructively challenge first-line assumptions and conclusions.
• Thorough knowledge and understanding of cybersecurity and regulatory frameworks, including NIST CSF, FFIEC guidance, ISO 27001/27005, SOX, and GLBA/Interagency Guidelines.
• Knowledge of the Three Lines of Defense operating model and its application in enterprise risk management, including coordination among business operations, independent risk oversight, and internal audit functions.
• Strong planning, organizational, time management, and follow-up skills, demonstrating a strong sense of urgency and ability to execute quickly, timely and efficiently; independently ensuring that priorities are set and commitments and deadlines are met with minimal direction and oversight.
• Unquestionable integrity in handling sensitive and confidential information required.
• Proficient and advanced use and understanding of MS Office products (Word, Excel, Outlook), with the ability to adapt to and learn new technologies quickly.

Work Environment/Conditions:

• Climate controlled office environment.
• Work involves being able to concentrate on the matter at hand, under sometimes distracting work conditions, and frequent employee and customer contacts and interruptions during the day.
• Work requires regular attendance, punctuality and adherence to agreed-upon schedule with willingness to work a flexible and/or rotating schedule and or extended hours as needed.

Physical Demands/Effort:

• Work may involve the constant use of computer screens, reading of reports, and sitting throughout the day.
• Ability to operate a computer keyboard, multi-line telephone, photocopier, scanner and facsimile which often requires dexterity of hands and fingers with repetitive wrist and hand motion.
• Typically sitting at a desk or table; intermittently standing, stooping, bending at the waist, walking, climbing, kneeling or crouching to file materials.
• Occasional lifting up to 20 lbs. (files, boxes, etc.).

At Heritage Bank, we work hard, but we also know how important it is to take time off to stay healthy, relax, and spend time doing what makes your heart happy!

As part of our team, you’ll enjoy a total rewards package, which includes base salary based on the role, experience, and skill set, along with an exceptional benefits package (medical, dental, vision, life insurance, 401(k), community volunteer time), and generous time off policy. Full-time team members receive a minimum of 10 paid vacation days annually* and eight hours of paid sick leave per month*, while also enjoying 11 paid holidays each calendar year, and an annual float day. *pro-rated from start date and/or hours worked. To view Benefits Summary: Apply > Current Openings > position > attachment.

The above statements are intended to describe the general nature and level of work being performed and are not an exclusive list of all qualifications for this position.

Heritage Bank is an Equal Opportunity Employer 

 All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other basis protected by applicable law. 

Job applicants have certain legal rights. Please click here for information regarding these rights. 

If you need assistance completing the online application, please email: HBRecruiting@HeritageBankNW.com 

Salary Range Disclaimer

The base salary range represents Heritage Bank’s current salary range for the position. Actual salaries will vary depending on factors including, but not limited to, qualifications, experience, and job performance. The range listed is just one component of Heritage Bank’s total compensation package for full time and part time employees. Depending on position, other total compensation rewards may include, monthly, quarterly or annual incentive, and/or bonuses.