POSITION SUMMARY
Responsible for leading the development, implementation, and maintenance of a comprehensive information security program. Ensure balance between system functionality and secured data while serving as the Information Security Officer. Manage the information security team. Support a sales and service culture.
ESSENTIAL FUNCTIONS
- Lead and provide strategic direction for information security initiatives across the credit union.
- Define IT security requirements and implement effective solutions.
- Continuously evaluate, implement, and manage security tools and administration systems.
- Partner with internal stakeholders (IS, physical security, risk, HR, compliance) on security-related matters and ensure compliance with emerging threats.
- Develop and maintain security policies, standards, and procedures.
- Oversee compliance monitoring and improvement to meet internal and regulatory requirements.
- Collaborate with third-party vendors to assess the credit union's security posture and implement necessary remediation.
- Lead risk assessments, incident response, and the selection of security controls.
- Manage the information security team, assigning tasks and ensuring work quality.
- Stay current with cybersecurity threats and innovations, ensuring cutting-edge security practices.
- Oversee incident response, ensuring readiness and quick resolution of incidents.
- Develop and maintain third-party risk management processes, ensuring vendors meet security standards.
- Manage the information security budget, ensuring resources are effectively allocated.
- Oversee security for cloud services, ensuring compliance and data protection.
- Ensure integration of security measures into business continuity and disaster recovery plans.
- Maintain compliance with data privacy regulations (e.g., GDPR, CCPA).
- Act as the liaison for audits and regulatory exams, ensuring prompt remediation of findings.
- Foster a security-aware culture across the organization.
- Maintain knowledge of and comply with the Bank Secrecy Act as it relates to this position.
- Perform other duties as assigned by management.
KNOWLEDGE, SKILLS, AND ABILITIES
- Ability to read and write.
- Ability to count and deal with numbers and details effectively.
- Ability to deal effectively with employees, other people and outside agencies, at all levels, orally, in writing, or by phone.
- Ability to provide courteous and professional service to employees.
- Ability to effectively and efficiently communicate orally, in writing, and by phone.
- Ability to analyze situations related to position and make sound decisions.
- Ability to learn, apply, and communicate knowledge of credit union products, services, loan policies and procedures.
- Ability to develop programs and resolutions that solve data processing-related business problems.
- Ability to input and retrieve data from computer.
- Ability to use a calculator.
- Ability to type accurately.
- Ability to use and learn office machines (i.e., copier, fax, terminals).
- Ability to be self-directed, self-motivated and a team player.
- Proven leadership skills.
- Excellent communication skills.
- Solid organizational skills.
- In-depth knowledge of network and application security, including IDS/IPS, firewalls, VPN, SIEM, EDR, SOAR, DLP, encryption, email security, and multi-factor authentication.
- Knowledge of security audits, regulations, and industry frameworks (Gramm-Leach-Bliley, PCI, NIST, ISO, CIS, MITRE).
TRAINING AND EXPERIENCE
Bachelor’s degree in Information Technology or related field. CompTIA Security+ required. CISM, CCSP, or CISSP certification strongly preferred. Minimum of five (5) years’ experience in security administration within mission-critical environments. Minimum of three (3) years’ experience integrating security into business continuity and disaster recovery strategies. Three (3) years’ supervisory experience in a managerial capacity.
Salary: DOE
FLSA Status: Exempt
Reports to: CTO
Location: Perkins Branch