Vice President, Information Security

Rudy Hanley Campus I, United States

SchoolsFirst Federal Credit Union

We’re always looking for diverse, talented, service-oriented people to join our exceptional team.

Scheduled Weekly Hours: 40

Salary Range: $240K - 290K

What You’ll Be Doing

The VP, Information Security reports to the SVP of Data & Security, Info Security Officer and works closely with all levels of organizational leadership. Responsible for establishing, implementing, monitoring and enforcing information security and data governance standards and policies across the organization. Oversees the information security/data governance, information security operations, Identity Access Management (IAM), and IT incident response (IT AIR) teams.

Core Functions

  • Develop, implement, and monitor a strategic, comprehensive Enterprise Information Security Program and strategy to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
  • Develop and oversee a comprehensive Data Governance Program and strategy to achieve performance objectives and capability maturity targets.
  • Advise technology leadership and business unit partners on the assessed level of risk and necessary security controls to protect the enterprise.
  • Develop, maintain, and publish up-to-date Information Security and Data Governance policies, standards, and guidelines. Oversee the policy and standards approval, dissemination, and training.
  • Oversee the development and management of an effective incident response program that integrates SOC/NOC/MSSP capabilities to ensure the timely resolution of incidents.
  • Chair the Information Security Risk Committee and assist with setting the vision and strategies for managing Information Security Risk.
  • Contribute to the Enterprise Risk Management Committee and the Enterprise Data Strategy Councils.
  • Engage with business units to integrate Information Security Risk Management into business decisions and operations.
  • Develop an Enterprise Availability Strategy for improving monitoring and deploying proactive triage processes and tools.
  • Oversee Cyber Threat Intelligence (CTI) external information gathering and fusion with internal data signals. Research emerging threats, prepare threat briefings, and advise stakeholders on the appropriate actions.
  • Create and deliver Training and Awareness for information security and risk management for all employees, contractors, and approved system users, including role-based training for employees with specialized security responsibilities.

Incident Response

  • Oversee the Incident Response Team (IT AIR) to proactively improve monitoring, detection, and response to technology disruptions and security incidents. Lead and coordinate incident response efforts with other teams to ensure timely resolution of major security & availability incidents.
  • Coordinate incident response with other teams to ensure timely resolution of major security & availability incidents
  • Brief the Enterprise Risk Committee on incidents when appropriate to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.

Information Security Operations & IAM

  • Lead Tabletop Exercises / Simulations each year to prepare participants for their roles in efficient breach response.
  • Oversee IAM Program and strategy to protect the identities, access rights, and privileges of people inside and outside the organization.
  • Implement the principles of Least Privilege that balance the protection of information assets with the needs of the business.
  • Oversee identity security reviews to ensure the credit union's information assets' confidentiality, integrity, and availability with effective operational controls and audits.

Information Security & Data Governance

  • Orchestrate internal and external IT audit and regulatory examination activities.
  • Develop, maintain, and publish up-to-date information security and data governance policies, standards, and guidelines. Oversee the approval, training, and dissemination of security and data governance policies and practices.
  • Advise leadership on the security controls and processes necessary to protect the enterprise, and partner with business units, commensurate with the assessed level of risk.
  • Oversee the data identification program, classification, retention, and protection activities.
  • Ensure execution of time-sensitive IT Risk management activities: Information Security Program Risk assessments, IT risk acceptance and exception management, third-party risk assessment, annual information security program report to the Risk Committee, quarterly Information Security and Risk Committee packet, and monthly IT risk report to IT Leadership.
  • Ensure that information security and data governance programs comply with relevant laws, regulations, and policies to minimize risk and audit findings.

Additional Job Functions

 
  • Develop and coach managers and team by establishing annual performance goals, allocating resources, setting priorities and progressing team members’ technical skills and knowledge.
  • Manages division budget.
  • Handles the most sensitive Member issues to ensure a positive Member experience and outcome.
  • Contributes to organizational strategies and priorities as a member of Leadership team. Establishes and implements strategies that have mid to long-term (3-5 years) impact on business results in alignment with organization objectives.
  • Appropriately identifies, evaluates, and manages risk within area and implements risk mitigation strategies and activities as appropriate.
  • Supports credit union in overall financial objectives and Member Service goals.
  • Establish and maintain strong working relationships with third-party vendors and sub-servicers to ensure the highest level of service is provided to Members.
  • Provides insights and recommendations as to the strength of the Credit Union’s brand and ways of enhancing it.
  • Guides the department’s development by soliciting feedback from its internal customers and making needed improvements.
  • Takes initiative to bring forward and implement ideas that help the credit union grow successfully.
  • Performs other duties as assigned.
  • Complies with regulatory compliance and assigned training requirements including but not limited to BSA regulations corresponding to their specific job duties. Failure to do so may result in disciplinary and other employment-related actions.

Qualifications

  • Bachelor's Degree or equivalent years of experience required
  • Master's Degree or equivalent years of experience preferred
  • 10+ years of progressive experience in Information Security, Data Management/Governance, and Risk Management required
  • 5-7 years in a leadership role required
  • CISSP required
  • CISM preferred
  • CISA preferred
  • CDMP preferred
  • DGSP preferred
  • CRISC preferred

Knowledge, Skills, and Abilities

  • Deep understanding of Information Security Management frameworks. Required
  • Ability to lead and motivate cross-functional interdisciplinary teams to achieve tactical and strategic goals. Required
  • Experience with contract and vendor negotiations. Required
  • Excellent written and verbal communication skills, interpersonal and collaborative skills. Required
  • A proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment. Required
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations. Required
  • Must be a critical thinker with strong problem-solving skills. Required
  • Excellent analytical skills and ability to manage multiple projects under strict timelines, as well as the ability to work well in demanding, dynamic environments and meet overall objectives. Required
  • Project management skills; financial/budget management, scheduling, and resource management. Required
  • High level of personal integrity, ability to professionally handle confidential matters, and an appropriate level of judgment and maturity. Required
  • Thorough understanding of IT Operations and the role and impact of information security. Required
  • Ability to cooperatively and effectively work with people from all organizational levels and build consensus through negotiation and diplomacy. Required
  • Knowledge of the CIS Critical Control and NIST Cybersecurity Framework
  • Knowledge of other security frameworks and standards such as ISO, SOC 2, SOX, PCI, COBIT, etc.
  • A clear understanding of intelligence collection and analysis techniques
  • Thorough knowledge of financial services or similarly regulated industries.
  • Knowledge of information security and data security industry trends and standards

SchoolsFirst FCU is committed to Diverse, Equitable, and Inclusive Hiring

At SchoolsFirst FCU we are dedicated to building and growing a diverse, inclusive, and authentic Dream Team, so if you’re excited about a position or wanting to make a career change but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. Many skills are transferrable and you may be just the right candidate for the position, or for other roles we are working on.

SchoolsFirst Federal Credit Union is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. SchoolsFirst FCU is an equal opportunity employer and prohibits discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibits discrimination against all individuals based on their race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, political affiliation, or genetic information.

This organization participates in E-Verify.
