Manager of Information Security

People Helping People, that is what Sunmark Credit Union is all about! 

Why join the Sunmark Squad? Sunmark is a local credit union making a big difference in our community. For 85 years, we strive to build brighter financial futures! We build relationships with our members and look for solutions for all their financial needs through our “Good Vibes” culture. As a team member, you will find satisfaction in your career by assisting with our members finances, volunteering through our foundation team, and career growth opportunities. 

Our Information Security team is hiring!

Starting pay: $110-120k annualized, based on experience.

Ensure the information and operational security of all Sunmark Credit Union assets. 

• Formulate, implement, and maintain an Information Security Program that includes Security Architecture, Incident Response, IT Risk Management, Security Policy & Procedure Compliance, Security Awareness, Data Loss Prevention, Data Classification, User Behavior Monitoring, Managed Detection and Response (SIEM), Business Impact Analysis, Business Continuity and Disaster Recovery.
• Lead the on-going maintenance of the Information Security Program
• Provide input and direction for all new security solutions and any enhancements
• Provide reporting and in-person presentations to Senior Management and the Board of Directors
• Manage regular penetration testing and vulnerability analysis/reporting, internal and external IT audit and assessment reviews, and the coordination of all required fixes
• Act as Risk Steering Committee (RSC) co-chair as well as identify, evaluate, and report on risks to the Enterprise Risk Committee (ERC) and provide subject matter expertise on security standards and best practices (e.g., NY DFS Cybersecurity Regulations, NCUA & NIST)
• Participate in threat information sharing using the Financial Services Information Sharing and Analysis Center (FS-ISAC). Assist in development of threat sharing model and procedures
• Work with Human Resources to develop security awareness training
• Motivate, recruit, train and evaluate performance of Information Security staff members
• Work closely with the Information Technology department to ensure seamless collaboration
• Provide support and guidance for projects that require security expertise
• Conduct research on emerging products, services, protocols, and standards
• Work with the CISO and Risk Management to monitor information security trends and emerging security threats and suggest changes to policy, procedures, and tools
• Support definition of standard hardware configuration baselines based on NIST and CIS cybersecurity frameworks for servers, storage, endpoints and other associated IT hardware assets
• Assist with Vendor management activities such as SOC reviews, User Entity Control reviews and Vendor Security metrics

Candidates should have a Bachelor’s degree or higher focusing on computer science, cyber security or information technology plus related experience within information security. Current and relevant industry certifications such as (CISSP) are desired.

 Preferred Working knowledge:

• Information security regulations, including Federal Financial Institutions Examination Council (FFIEC), National Institute of Standards and Technology (NIST), Payment Card Industry Data Security Standards (PCI-DSS), Personally Identifiable Information (PII), and various other laws and regulations
• Vulnerability scanning and penetration testing methods for discovering vulnerabilities
• IT infrastructure and networks, as well as the security measures required to protect corporate endpoints, servers and networks
• Familiarity with Network switches, routers, and firewalls; in addition to Linux and Windows systems and security
• Proficiency in Microsoft Office software including Word, Excel, and Outlook, with ability to learn and support other software as needed
• Strong project management skills and experience a plus