Job List

Local job opportunities are currently posted for the benefit of our members. If your organization has an open position that you would like to post here, please send an e-mail to the President using the Contact Us Page.

Senior CyberSecurity Policy and Standards Engineer

The Senior Information Security Risk Oversight Engineer evaluates, tests, recommends, develops, coordinates, and monitors information systems (IT) and cyber security policies, procedures and systems, including access management for hardware, firmware and software. The Senior Information Security Risk Oversight Professional's work assignments involve moderately complex to complex issues where the analysis of situations or data requires an in-depth evaluation of variable factors.

Responsibilities include:

The Senior Information Security Risk Oversight Engineer helps to ensure that IT and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall IT and cyber security. Identifies security risks and exposures, determines the causes of security weaknesses and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting IT and cyber security risk assessments and compliance audits, the testing for possible impact on system security, and the investigation and resolution of security incidents. Implements IT and cyber security policies and takes measures against intrusion, frauds, attacks or leaks. Begins to influence the department’s strategy. Makes decisions on moderately complex to complex issues regarding technical approach for project components, and work is performed without direction. Exercises considerable latitude in determining objectives and approaches to assignments.

In this position, you will work closely with areas such as information technology, information protection, data governance, privacy, compliance, vendor management, and first line risk management teams.

  • Partners with operational leaders and SMEs to understand strategy and approach to information security risk management.
  • Stays current on information security and technology trends including threats, vulnerabilities, and controls/solutions.
  • Assesses the quality of the company's controls and helps to ensure adherence to policies and standards.
  • Evaluates information security and data governance and evaluates processes and controls for design, operational effectiveness, and alignment to industry standard frameworks.
  • Advises and consults with business partners on information security risk management to help inform direction and decision making.
  • Develops and reports metrics that provide transparency about risks and controls associated with IT and data risks. Makes reports and data visible to stakeholders and communicates to appropriate committees.
  • Coordinates with data privacy and compliance areas to help ensure applicable data protection requirements are implemented.
  • Partners with the company vendor risk management and business continuity teams to assess the cyber resiliency and information security risk management posture of our supply chain.

Competencies for the role:

  • Understanding of data protection and privacy regulatory environment and requirements
  • Experience in understanding technology strategies and identifying/reviewing risk management plans
  • Skilled at evaluating security policies, standards, and best practices
  • Skilled at identifying security risks and exposures, determining the causes of security weaknesses and suggesting procedures to halt future incidents and improve security
  • Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances
  • Excellent communication skills with the ability to influence others
  • Analytical and problem-solving skills


Required Qualifications

  • Bachelor's Degree or equivalent work experience
  • 5+ years of related experience in Information Security, Information Assurance, Risk Management, Audit and/or Information Technology risk and controls
  • 3 or more years of Information Security assessment or compliance experience

Preferred Qualifications

  • Master's Degree in Computer Science, Information Technology or a related field
  • Certifications: CISA, CISSP, HCISPP, CCSP, CRISC, and/or CISM

For more information or to apply, please follow this link

Chief Risk Officer (CRO)

The CRO is a key position at a Nashville Bank and is primarily responsible for oversight of Enterprise Risk Management, including Compliance Management and BSA/AML Compliance Programs, IT Security, fraud mitigation, third party vendor risk management and change control. The CRO will assess areas of concern identified by the bank’s various business unit managers and inform the management team and Audit Committee of mitigation efforts needed or implemented.

 Job Duties and Responsibilities: 

  • Coach, develop, direct, provide consistent feedback and conduct performance evaluations on those under direct supervision of the CRO
  • Develop and maintain an independent methodology for identifying, measuring, monitoring and reporting risk within all areas of the bank and any affiliates
  • Identify risk activities based on internal and external risk assessments
  • Proactively inform management and the Audit Committee of emerging risks facing the bank
  • Provide oversight for the bank’s Compliance Management Program, BSA/AML Compliance Program, Fair Lending, Internal Audit Program, IT security and fraud mitigation
  • Develop a deep understanding of the bank’s business strategies, policies, processes, risks and controls based on relevant audits, examinations and industry standards
  • Track findings from various internal and external audits and examinations and ensure corrective action has been taken
  • Provide risk updates to management, Risk Committee, Audit Committee and Board, including reports on Enterprise Risk Management, internal and external audit findings, compliance management, BSA compliance, IT security and fraud.
  • Ensure that all bank policies are reviewed and approved by the Board annually
  • Oversee the bank’s Enterprise Risk Management and Risk Assessment programs
  • Ensure that the bank’s training materials for Enterprise Risk Management related areas are current, relevant and sufficient for the size and risk tolerance of the bank
  • Coordination of the SOX program in consultation with COO and Director of Internal Audit.
  • Chair and conduct Risk Committee meetings
  • Participate in various committees including Change Control, Vendor Management, Tech Steering and Compliance
  • Contribute to establishing risk management policies, limits, standards, controls, metrics and thresholds in consideration of the bank’s strategic initiatives and goals
  • Coordinate internal and external audits as well as regulatory examinations
  • Perform other tasks and assignments as needed

 Job Requirements and Qualifications:

 BS/BA Degree in Business Administration, Accounting, Finance or Information Technology preferred

  • Minimum 10 years of banking/financial institution experience preferred ($2B - $10B asset size)
  • Strong proven experience as a subject matter expert in bank risk management, compliance, internal audit and/or information technology
  • CRMP or CERM certification preferred
  • Ability to develop strong, positive relationships with key business stakeholders and demonstrate respectful, constructive dialog in mitigating material risks
  • Strong leadership ability to inspire and motivate others
  • Excellent written and oral communication skills and ability to address a diverse audience
  • Proficient in Microsoft Office (Access, Excel, PowerPoint, Outlook and Word)

Please contact Brandon Gilmore if you have any questions or interest in this position at 502.424.3126

Lead Digital Audit Consultant

This position reports to the VP, Director Internal Audit and is integral to the development and execution of the digital audit transformation strategy for the Internal Audit (IA) function. The Lead Digital Audit Consultant (LDAC) oversees the path and pace of development for advanced auditing techniques including data analytics, routine process automation (RPA), process mining, AI and machine learning. By growing our digital audit capabilities, the LDAC will help transform our audit methodology to a more agile, automated, and continuous auditing approach. The LDAC will partner with other IA team members to deploy digital audit procedures across a multitude of audit projects. These audits and consultations focus on improving business processes that enable management to achieve their business objectives while maintaining a strong internal control environment. The LDAC will help to upskill and evolve the individual competencies of the IA team as a whole.

What You Can Expect:

The LDAC is responsible for advancing digital audit capabilities, training IA team members, providing audit support, RPA development, and evaluating innovative digital audit concepts such as machine learning, process mining, continuous auditing, etc., for the purpose of evaluating:

  • The adequacy of internal controls associated with business processes and the adherence of those processes to company policies and procedures
  • Governance and compliance around digital audit procedures such as Sarbanes-Oxley, Safe Harbor, data and information security, systems controls, GDPR, cyber security, etc.
  • The effectiveness and efficiency of operations, assuring that company resources are properly utilized.
  • The LDAC partners with the Digital Transformation and Continuous Improvement team to leverage internal resources and execute at scale.
  • The LDAC works with the VP, Director Internal Audit to strategically evaluate and deploy innovative audit tools and practices.
  • The LDAC directly assists in the work of IA team members and partners in setting the digital audit objectives, methodology, timeline, and project deliverables.
  • The LDAC prepares a variety of audit reports including Audit Committee updates for the VP, Director Internal Audit on a regularly scheduled basis.
  • The LDAC will participate in audits that will contribute to their knowledge of the Company’s operations and improve their understanding of the business. This includes being engaged in audits for different markets, locations, brands, departments, business units, and working with employees at all levels of the Company.
  • The LDAC will constantly strive to enhance the department through innovative thinking and implementing best practices in an effort to achieve a “best in class” Internal Audit department.
  • The LDAC is the department expert for digital audit tools and techniques and will continuously share knowledge and trainings with IA staff to enhance and upskill the competencies of the IA team as a whole. With this, the LDAC is responsible for technical knowledge transfer and back up support. The LDAC will provide support and feedback on a regular basis to other IA team members including the annual performance partnership.
  • The LDAC recruits premier individuals to the group and coaches them. Within the group, the Lead IT Audit Consultant instills an overall philosophy of audit quality, efficient use of time, and value-driving insights.

What Exactly Are We Looking For?

  • Bachelor's degree in Accounting, Finance, or related field and 8+ years of progressive financial experience.
  • Demonstrated knowledge and experience with digital tools and technologies including but not limited to Tableau, Power Automate, Alteryx, SAP, Excel, PowerPoint, etc.
  • Demonstrated ability to analyze complex situations and then provide clear concise direction with limited input from the VP, Director Internal Audit.
  • Demonstrated ability to analyze business process activities and map to underlying data sources to help develop creative audit solutions to improve efficiency and effectiveness.
  • Excellent leadership skills with the ability to manage and motivate audit staff and partners outside of IA to achieve superior performance. Ability to work at all levels and across multiple disciplines within the Company.
  • Excellent communication skills including the ability to clearly report results orally and in writing, and the ability to negotiate with clients in developing and implementing optimal action plans.
  • Demonstrated ability to develop and maintain effective business relationships in a team environment with internal and external contacts.
  • Excellent computer skills, with demonstrated ability to develop and apply spreadsheets, database, and graphic presentations.
  • Experience auditing the financial statements and business processes of a global company supported by accounting and financial systems within an ERP, network, and PC environment.
  • Demonstrated ability in a self-managed environment with a high degree of initiative & inquisitiveness.
  • Demonstrated ability to adhere to a strict code of ethics in handling confidential information.
  • Excellent organizational skills, including project management and planning. Demonstrated ability to execute multiple assignments to meet deadlines, completing work with accuracy.
  • Willingness and availability to work overtime to meet required deadlines and travel of 15%.

What Sets You Apart:

  • Data Science degree/experience, Master’s of Business Administration (MBA), Certified Public Accountant (CPA) and/or Certified Internal Auditor (CIA)
  • Previous experience working at a Big 4 public firm is desired.

Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.

Business Area: Global Finance

City: Louisville

State: Kentucky

Country: USA

Req ID: JR-00003994

For more information or to apply, please follow this link

If you have any questions, please contact ISACA member Chrissy Evans at

Security Compliance Audit Manager (Louisville)

Job Duties and Responsibilities: 

  • Performs a range of audit activities for information systems and creates a resultant set of documents
  • Ensure that organizations have audit controls to monitor activity on electronic systems that contain or use ePHI.
  • Oversee periodic monitoring and reviewing of audit. This would include but is not limited to logons, file accesses, updates, edits and printing.
  • Oversee and audit terminated workforce members’ systems access.
  • Assists the Director of HIPAA Security with building a strategic and comprehensive HIPAA security program that minimizes risk and ensures integrity, confidentiality, and availability of ePHI.
  • Assists with the development and implementation of HIPAA and information security policies, standards and procedures. Work with key Information System offices, data custodians and governance groups in the development of such policies.
  • Educates workforce members on standards and procedures related to the security of ePHI.
  • Collaborate with the HIPAA Privacy Officer on compliance issues as necessary to ensure alignment between security and privacy compliance.
  • Track security incidents within an Incident Reporting and Response system to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
  • Assist with the completion of the HIPAA Security Assessment and other related assessment activities.
  • Serves as a HIPAA and information security consultant to all departments for data security related issues.
  • Assist in ensuring that the organization is following mandated HIPAA Security Rule requirements for administrative, technical and physical safeguards.
  • Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities

Please contact Brandon Gilmore if you have any questions or interest in this position at 502.424.3126



ISACA Job Board

ISACA has a global job board and many related resources available on their website. 

Check out: