Vice President Director Information Services and ISO

$1000 Signing Bonus effective 1/20/2024 

Note:  All full-time positions include the option of $0 out-of-pocket premium cost for Employee Only PPO AND exceptionally low premiums for all other PPO coverage levels

Hours: Monday -Friday 8:00am-4:30pm according to business operational needs

Hiring Range - $235,745/yr - $294,681/yr

SUMMARY OF POSITION: 

The Vice President, Information Security acts as the Information Security Officer (ISO).  The ISO chairs the Information Security Governance Committee and participates in both the Information Technology (IT) Steering Committee and Technology Advisory Board (TAB).  The ISO is an advocate for Tower Federal Credit Union’s (TFCU) total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to protect its members’ information and optimize the security posture of the credit union. The ISO leads the development and implementation of a security program that leverages collaborations and credit union-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, forward thinking, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at TFCU. 

PRINCIPAL ACCOUNTABILITIES and FUNCTIONS:

 Credit Union and Program Leadership

1. Directs the operations of the Information Security Department to provide monitoring and support of TFCU's information security systems.
2. Responsible for the strategic leadership of TFCU’s information security program.
3. Provides guidance and counsel to the CEO and senior management team and works closely with departmental vice presidents and their managers to further the objectives of the information security program, while building relationships and goodwill.
4. Manages credit union-wide information security governance processes, chair the Information Security Governance Committee and lead Information Security Advocates in the lines of business to promote information security awareness and set project priorities.
5. Leads information security planning processes to establish an inclusive and comprehensive information security program for the entire credit union in support of information systems and technology.
6. Establishes annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
7. Stays abreast of information security issues and regulatory changes affecting credit unions, participates in policy and practice discussions, and communicates to credit union leadership on a regular basis about those topics. Engages in professional development to maintain continual growth in professional skills and the knowledge essential to succeed in this leadership role.
8. Provides leadership philosophy for the Information Security Department to create a strong bridge between organizations, builds respect for the contributions of all and brings groups together to share information and resources to create better decisions, policies and practices for TFCU.
9. Mentors the Information Security Department team members and implements professional development plans for all members of the team to best position TFCU for success.

Policy, Compliance and Audit

1. Leads the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensures information security and compliance with regulatory requirements.
2. Leads efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for TFCU’s information and technology systems.
3. Works with Internal Audit, Information Technology Services (ITS), regulatory agencies and outside consultants as appropriate on required security assessments and audits.
4. Coordinates and tracks all information technology and security related audits including scope of audits, departments involved, timelines, auditing agencies and outcomes. Works with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts TFCU in its best light. Provides guidance, evaluation and advocacy on audit responses.
5. Works with TFCU leadership and relevant compliance department leadership to build cohesive security and compliance programs for the credit union to effectively address regulatory requirements.
6. Develops a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, NCUA, FFIEC, GLBA and PCI.

Outreach, Education and Training

1. Works closely with IT leaders, technical experts, and business units across TFCU on a wide variety of security issues that require an in-depth understanding of the technology environment in their units.
2. Creates education and awareness programs and advises business units at all levels on security issues, best practices and vulnerabilities.
3. Works with individual departments and the Information Security Advocates to build awareness and a sense of common purpose around information security.
4. Pursues member security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.

Risk Management and Incident Response

1. Keeps abreast of security incidents and act as primary control point during significant information security incidents. Convene a Cyber Incident Response Team (CIRT) as needed, or requested, in addressing and investigating security incidences that arise.
2. Convenes Ad Hoc Security Committee as appropriate and provides leadership for breach response and notification actions for the credit union.
3. Develops, implements and administers technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
4. Provides leadership, direction and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies.
5. Examines impacts of new technologies on the credit union’s overall information security. Establishes processes to review implementation of new technologies to ensure security compliance.
6. Performs related duties when assigned.

REQUIRED QUALIFICATIONS:

Bachelor’s degree in Computer Science/Information Systems, or a directly related field. Seven to 10 years of progressively responsible and successful directly related work experience, with at least five years in an ISO role. Seven to 10 years of relevant supervisory or management experience. Demonstrated knowledge of information security, risk management, technology and contemporary security tools and infrastructure, electronic document management systems, credit union core processing systems, general LAN/WAN design and protocols, cloud technologies and concepts, virtualization, and Microsoft infrastructure. Or, an equivalent combination of education and experience.

CISSP certification or comparable information security training and education.

Incumbent must be able to obtain and maintain a USG security clearance. 

COMPETENCIES:

•  Ability to manage multiple complex projects.
• Ability to present information and respond to questions from groups of executives or managers.
• Ability to facilitate group discussion, persuade others, and gain consensus on highly technical matters.
• Ability to construct Request for Proposals (RFPs), and successfully negotiate technical contracts.
• Ability to solve day to day problems and to respond to common inquiries and complaints.
• Ability to deal well with stress and flexible resource management.
• Ability to identify cause and affect relationships and evaluate risk vs. potential return.
• Ability to develop action plans and organize workload to accommodate competing deadlines.
• Ability to manage employees directly and in cross functional teams, and to provide constructive feedback.
• Ability to motivate others to take action.
• Ability to maintain the security requirements set forth by Tower across all software, networks, devices, and operating systems.
• Has knowledge of and adheres to credit union policies and procedures and all regulations related to the Bank Secrecy Act, the USA PATRIOT Act and OFAC. 

WORKING CONDITIONS:

• Recurring evening and weekend work to meet deadlines; ability to respond to needs on an ad hoc and scheduled basis. Sitting for extended periods of time.
• Lifting from floor as well as table height and transporting of moderately heavy (up to 50 lbs) objects, such as computers and peripherals. Sufficient sight to work effectively with minimal accommodations, with multiple types of computer terminals, screens, and work stations, and within current and developing work environments.
• Must be able to read data, analyze reports, and prepare summaries and recommendations without violating confidentiality requirements.
• Ability to travel independently to all TFCU facilities, and designated sponsor and vendor locations on an ad hoc and planned basis.·        
• Green Badge Clearance Required

• Ability to sit, stand and walk for extended periods and demonstrate sufficient dexterity and vision to operate a variety of office equipment.
• Ability to work the hours needed which may extend beyond the defined work schedule when operating conditions dictate.

This position description is not necessarily all inclusive in terms of work detail.

Salary : $235,745 - $294,681