Vice President of Information Security, Full-Time, Chelmsford, MA, Hybrid

Schedule

Monday- Friday 8:00a-5:00pm, Hybrid

What You’ll Do

Summary/Objective:

The role is responsible for developing, implementing, and managing the information security strategy and programs for the credit union. The ideal candidate will possess extensive expertise in security technologies and risk management frameworks, coupled with strong leadership abilities and a deep curiosity about the banking industry. This role ensures the protection of member data, credit union assets, and systems against cyber threats, data breaches, and other vulnerabilities. Reporting to the Chief Risk Officer (CRO), this position oversees a team of information security professionals and works closely with all departments to foster a security-focused culture, comply with industry standards, and adhere to regulatory requirements.

Essential Functions:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Strategy and Governance: Develop and execute a comprehensive information security strategy that aligns with the credit union’s strategic goals and regulatory requirements. Oversee the development of security policies, standards, and guidelines for the credit union. Lead risk assessment activities, determining risk appetite, and prioritizing security initiatives based on risk levels and business impact.
• Security Operations: Oversee the design and operation of security measures, including firewalls, encryption, multi-factor authentication, and intrusion detection systems, to prevent unauthorized access, data breaches, and cyber attacks. In Coordination with the Director of Enterprise Resiliency, manage the credit union’s incident response plan, ensuring a rapid and effective response to security incidents, including containment, eradication, and post-incident reviews. Develop and implement a data loss prevention (DLP) strategy to protect sensitive customer and organizational data. Establish security baselines and monitoring protocols for detecting and responding to anomalous activity, potential threats, and insider risks.
• Vendor and Third-Party Management: Oversee relationships with Information Security Vendors and service providers, ensuring alignment with the credit union’s strategic objectives and ensure they cost effectively meet the needs of the organization. Assess and monitor third-party vendors' security practices, ensuring compliance with credit union standards. Conduct vendor security risk assessments, regularly reviewing contracts and service agreements to ensure adequate protection of credit union information.
• Team Leadership: Provide strong leadership to the Information Security team, fostering a culture of collaboration, innovation, and excellence. Mentor and develop team members to maximize their potential and drive performance. Create an environment that attracts and enables high performers to thrive.
• Risk Management and Compliance: Perform regular security risk assessments, ensuring the credit union is aware of its security posture and areas of vulnerability. Ensure compliance with regulatory requirements, supporting audit activities, and coordinating responses to regulatory and audit inquiries. Work with internal audit, legal, and compliance departments to identify risks and ensure robust controls.
• Security Awareness and Training: Develop and implement a comprehensive security awareness program for employees, educating them on security best practices, policies, and procedures. Organize regular training sessions and simulations (e.g., phishing simulations) to test and enhance the credit union’s security awareness.
• Executive Communication: Present Information Security initiatives, progress, and outcomes to the executive leadership team and board of directors. Serve as a trusted advisor on cyber security matters and provide strategic recommendations to support decision-making.

What You’ll Need

• Bachelor's Degree· Bachelor's degree in computer science, Information Technology, Cybersecurity or related field; advanced degree preferred or extensive experience
• Minimum of 10 years Information Security and Risk Management concepts, architecture, technologies, processes, and best practices. with at least 8 years in a leadership role within the banking or financial services sector.
• In-depth understanding of regulatory requirements, risk management frameworks, security technologies, and threat intelligence.
• Relevant security certifications such as CISSP, CISM, CISA, or CRISC are strongly preferred.

What We Do

DCU is the largest credit union headquartered in New England – serving more than one million members in all 50 states. With over 1,900 team members, we strive to make DCU a great place to work with an excellent work-life balance, and a community that cares.

DCU is an equal opportunity employer, and we value diversity, inclusion, and equity at our company. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. 

If you’re applying for a job and need a reasonable accommodation for any part of the employment process, please send an email to careers@dcu.org and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.

#INDMI