Lead Cyber Security Engineer

Connection has a fantastic opportunity working for a financial organization in North Haven, CT for an AVP. This is a full time direct hire opportunity, offering a robust array of benefits to support your success. Enjoy strong benefits including a generous 401K matching program. Join us as we journey together toward personal and professional fulfillment.

As the AVP Cybersecurity, you will be responsible for safeguarding the organization's information systems and data assets. You will play a key role in implementing and maintaining security measures to protect against cyber threats, ensuring the confidentiality, integrity, and availability of their systems. Oversees audits and evaluations of the cybersecurity environment. Manages the planning, documentation, testing, integration, and execution of cybersecurity projects including annual budgeting and coordination of vendor responsibilities.

Responsibilities:

• Deliver on cybersecurity initiatives at the credit union. Coordinates with internal teams and external vendors to ensure the cybersecurity resilience of the credit union is tested frequently.
• Stakeholder Collaboration: Collaborate with internal and external stakeholders, such as customs authorities, shipping partners, and regulatory bodies, to ensure security standards and trade compliance.
• Security Policies: Establish and enforce security policies, procedures, and guidelines to protect digital assets, sensitive trade data, and intellectual property.
• Risk Management: Conduct regular risk assessments and vulnerability scans to identify and address potential risks and develop risk mitigation plans to safeguard the organization against cyber threats and vulnerabilities. Be responsible for the business fraud investigation and mitigation.
• Incident Response: Create and maintain an effective incident response plan, ensuring timely and efficient recovery from security breaches and disruptions.
• Incident Investigation and Forensics: Carry out thorough research and investigation on security incidents. Work with internal teams and external vendors to conduct research and forensics.
• Regulatory Compliance: Ensure compliance with all related regulatory bodies.
• Security Awareness: Develop and oversee a security awareness program to educate employees, members, and stakeholders about best practices in cybersecurity.
• Vendor Security: Evaluate and monitor the security practices of third-party vendors, partners, and service providers.
• Conduct risk assessments, analyze security controls, and provide recommendations for improvements.
• Assist in the development and maintenance of our Risk Management Framework processes and documentation.
• Collaborate with the internal teams and external vendors to assess, document, and authorize information systems using the RMF.
• Develop and implement information security policies, procedures, and standards.
• Monitor and defend our systems against cyber threats. Provide incident detection, analysis, and response, helping to improve our overall security posture.
• Participate in conducting regular vulnerability assessments and penetration tests on our IT infrastructure, applications, and networks.
• Provide support in identifying vulnerabilities, reporting findings, and assisting with remediation efforts.
• Provide support in analyzing security incidents and breaches. Monitor security logs and respond to security incidents in a timely manner.
• Proactively search for threats and vulnerabilities within our environment. Conduct incident handling and coordination, ensuring a rapid and effective response to security events.
• Ensure that all cybersecurity activities are conducted in accordance with government policies, standards, and requirements relevant to national security systems.
• Collaborate with IT and development teams to integrate security measures into the design and implementation of systems.
• Maintain accurate records of all activities, including findings, actions taken, and recommendations for improvement.
• Contribute to the development of reports and documentation related to cybersecurity exercises.
• Stay informed about the latest security threats, technologies, trends and best practices.
• Conduct security awareness training for employees.
• Design and implement security controls for networks, systems, and applications.
• Reporting: Provide regular reports and updates to executive management and the board of directors on the state of cybersecurity and compliance.

Requirements:

• Bachelor's or Master's degree in Information Security, Computer Science, or equivalent and appropriate work experience.
• Industry-recognized certifications, such as CISSP, CISM, or CISA.
• Proficiency of threat/vulnerability analysis, penetration testing, and red-team/blue-team exercises.
• Proven experience as an Information Security Engineer or similar role.
• Strong knowledge of information security principles and best practices.
• Experience with security technologies, including firewalls, IDS/IPS, antivirus, and encryption.
• Familiarity with security frameworks and compliance standards (e.g., ISO 27001, NIST, GDPR).
• Hands-on experience with security tools and technologies.
• Proven experience in a leadership role in information security, with at least 5-8 years of relevant experience.
• In-depth knowledge of cybersecurity technologies, tools, and best practices.
• Experience with artificial intelligence (AI) and machine learning (ML) security.
• Experience with DevOps and security automation.
• Experience with security awareness training and education.
• Experience evaluating and managing cyber risk and working within industry-standard frameworks
• Knowledgeable of methodologies such as Cyber Kill Chain and Diamond Model of Intrusion Analysis models.
• Experience with cloud computing, networks, servers, operating systems and PCs is mandatory.