Manager, Information Security Operations

Connexus Credit Union - Who We Are:

Serving members across all 50 states, Connexus Credit Union is a member-focused cooperative that is proud to return profits to member-owners through high yields for checking accounts and deposit products, as well as competitive rates on our loans. We are a remote first employer with the majority of our employees residing in the upper Midwest.

As an employer we foster collaboration and high performance to achieve excellence. We holistically care for and develop our employees to thrive personally and professionally. We are proud to share our success with our employees and those we serve.

Connexus offers an Amazing Benefits package:

• 25 days of paid time off and 8 paid holidays

• 16 hours of paid Volunteer Time Off

• 401K Retirement with up to 6% employer match

• Excellent Health, Dental, Vision insurance, including multiple plan options

• Health Savings Account with generous employer contributions

• Employer paid Life insurance, Short-Term and Long-Term Disability

• Tuition Reimbursement from $4,000 - $7,000 per calendar year

• Robust Learning and Development program that includes an annual professional development stipend

About the Role:

The Manager of Information Security Operations will lead the Security Operations Team in managing and optimizing information security systems and controls. This role is pivotal in safeguarding the confidentiality, integrity, and availability of the organization's computer networks, systems, and applications. Key responsibilities include the development and management of the enterprise security solution stack, driving information security initiatives, risk analysis, vulnerability tracking and remediation, and orchestrating responses to security incidents and events. Reporting to the Vice President of Information Security, the Manager of Information Security Operations is a crucial member of the Information Security team. The role demands active collaboration with the Business Technology (BT) team and cross-departmental stakeholders, enforcing compliance with the organization's security policies, procedures, and standards.

The Manager is tasked with enhancing the Information Security program by implementing 'secure-by-design', 'defense-in-depth', and 'least-privilege' approaches. This aligns with the organization's commitment to cybersecurity best practices, adherence to industry standards, frameworks, and regulations. This position requires a keen understanding of emerging cybersecurity threats and vulnerabilities, coupled with a strong ethical commitment to maintaining the organization's reputation and promoting sustainable growth.

Responsibilities:

Security Engineering & Monitoring

• Execute and manage information security projects.

• Oversee security monitoring and defense of IT systems.

• Maintain the effectiveness of security monitoring tools.

• Collaborate with BT and other departments for integrated security compliance.

• Serve as a security consultant on projects, guiding technology integration.

• Produce regular security reports for senior management.

• Evaluate and implement new security technologies.

• Improve operational response by optimizing alert processes.

Team Leadership & Development

• Lead, mentor, and manage a team of information security analysts.

• Promote a culture of continuous learning and professional development.

• Conduct performance management and career development for the team.

• Implement and oversee delivery of security operations processes and standard work.

• Advise infrastructure teams on threat detection and mitigation.

Security Governance, Risk & Compliance

• Assist auditors and examiners in the collection of control related documentation and to support risk reduction efforts.

• Conduct IT security risk assessments and advise on control designs.

• Manage the vulnerability management program, including detection, classification, and remediation.

• Support adherence to information security policies and regulatory compliance.

• Coordinate penetration testing and social engineering tests.

Incident Response

• Lead the incident response team during security events.

• Coordinate multi-departmental incident management and resolution.

• Conduct post-incident analysis and develop prevention strategies.

• Maintain the Security Incident Response Plan.

• Prepare cyber-threat intelligence reports.

• Coordinate cybersecurity exercises and improve monitoring and response processes.

• Communicate incident findings to both technical and non-technical teams.

Security Strategy & Policy Implementation

• Assist with the development of strategic security initiatives to protect institutional assets.

• Regularly update and enforce security policies and procedures.

• Ensure compliance with financial sector regulations.

• Create and implement security awareness programs for employees.

• Develop, maintain, and report on InfoSec related metrics, measures, and KPIs.

Other Responsibilities:

• Stay current with trends in cybersecurity and incident management.

• Participate in ad hoc projects and corporate initiatives.

• Support business continuity and disaster recovery efforts.

• Identify and report process improvement opportunities.

• Maintain effective relationships with service providers and vendors.

Position Requirements:

• This position is Remote.

• Bachelor's degree in a computer science, information systems, or technology field; or commensurate experience in cybersecurity is Required.

• 7 years of experience in cybersecurity operations or incident response is Required.

• 3 years of experience managing, leading, and working with remote/distributed teams with diverse backgrounds in a security field is Required.

• Deep understanding of effective defensive controls for enterprise-level IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc. is Required.

• Prior experience working in and understanding of industry compliance standards and regulations (ISO, NIST, PCI DSS, SOC II Type 2, CIS, GLBA, CCPA, etc.) is Required.

• One or more of the following security certifications is Required: CISM, GSEC, GCLD, CISSP, CISA, GCIH, Security .

Connexus Credit Union's Employer Recognitions:

• 2024 Best in Class Employer, Gallagher

• 2025 Best Place to Work in IT, Computer World

Equal Opportunity Employer/Disabled/Veterans/41 CFR 60-1.4, 41 CFR 60-1.35