What are the responsibilities and job description for the VP of Information Security position at Meritrust Credit Union?
POSITION SUMMARY:
The Vice President Information Security is responsible for leading the Information Security Program for Premier Members Credit Union (PMCU). This position is responsible for establishing the strategic vision of the Information Security program and executing a roadmap to achieve its goals. This role will report directly to the SVP Information Technology.
The Vice President Information Security will collaborate with the Risk and Compliance departments in ensuring PMCU is aligning with organizational risk tolerance. This position maintains the role of the Information Security Officer responsible for cyber incident response and security reporting to the Information Technology Steering Committee. This position is also responsible for developing all operational tasks within the information security portfolio including security training, vulnerability scanning, remediation, logging, auditing and all other security related functions.
ESSENTIAL FUNCTIONS:
- Establish and implement Information Security Roadmap for PMCU.
- Collaborates with our Audit team on external IT risk assessments and penetration tests, coordinates with technology teams on vulnerability scans and social engineering tests, synthesizes results, and implements action plans for issue resolution.
- Provide executive leadership and business leaders guidance on security risks, controls, and emerging threats and recommend risk reductions.
- Monitors Information Security industry trends and educates the organization on critical information.
- Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
- Defines the annual security awareness training, and new hire training to ensure all levels of staff and management are well-educated regarding information security practices.
- Consults on project initiatives to research and validate Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
- Defines the Information Security plan to resolve gaps identified from audits, risk assessments or vulnerability scans.
- Defines the day-to-day operations for the information security department including SIEM, threat intelligence, and SOC activities, to detect, prevent, and respond to cyber threats.
- Responsible for cyber security investigations providing summaries and recommendations to resolve incidents.
- Develop strategies to protect information assets, and advises on system access control, monitoring, and response.
- Develop and execute the organization's information security strategy, aligning with industry frameworks such as NIST, ISO/IEC 27001, and CIS Controls.
- Familiarity with regulatory requirements, industry standards, and best practices such as NCUA, FFIEC, GLBA, PCI DSS, GDPR and SOC 2.
- Familiarity with secure coding best practices including DevOps and SDLC.
- Develop a team (direct or indirect reports) that is nimble enough to build and execute Information Security solutions to support the Organization’s strategic initiatives.
- Provide strong leadership and direction to direct reports. Recruits and hires talented individuals to join the team and continues to develop them to their full potential.
- Build strong relationships across business groups and develop a detailed understanding of their issues, challenges and opportunities. Ensure transparency and collaboration between key stakeholders.
- Manage operating budget for Information Security roadmap and initiatives.
- Foster a culture of security first, innovation, transparency and accountability.
- Promotes a security-first culture across the organization.
- Other duties as assigned.
EDUCATION AND EXPERIENCE
- Bachelor's Degree in Computer Science, Network, Cyber Security or relevant field is preferred.
- Advanced Degree/Certifications such as CISSP, CISM, CEH, and CCSP are required.
- Banking/Credit Union experience is preferred.
- Five years to eight years of similar or related experience, including preparatory experience.
- 3 to 5 years of experience with regulatory compliance (i.e., PCI, GDPR, GLBA, SOX & NCUA).
- 5 to 7 years of experience with implementing and/or managing essential security tools including IDS/IPS, DLP, WAF, EDR, CASB, and Vulnerability Management.
- 5 to 7 years of leadership experience is preferred.
- Broad and thorough knowledge of security practices, applications systems, and tools. Experience with planning, developing, implementing and updating organization’s information security strategies, policies, procedures, standards and processes.
Hard Skills/Abilities:
- Ability to maintain a high level of confidentiality.
- Working knowledge of financial service institutions and their operations and procedures is preferred.
- Excellent management skills and the ability to prioritize multiple initiatives and projects.
- Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
- Experience with Cloud solutions such as AWS, GCS, or Azure.
- Ability to operate at all levels of the organization, and to both motivate and influence others who are often in a more senior position.
- Excellent oral and written communication skills.
- Ability to manage change within the organization.
- Technically proficient in IT infrastructure and Information Security controls and concepts.
- Demonstrate flexibility and the ability to work in a team environment.
- Demonstrated business and technical acumen, including the ability to read, analyze and interpret reports and documentation.
- Strong interpersonal, presentation and negotiating skills.
- Exceptional people and organizational leadership, with a track record of leading high-performing teams.
- Strategic thinker with strong operational and analytical skills.
- Passion for solving problems that have a large impact on the organization and our members.
- Ability to define problems, collect data, establish facts, and draw valid conclusions.