What are the responsibilities and job description for the Information Security Governance Lead position at Unitus Community Credit Union?
Job Description
At Unitus, each employee has an opportunity to make a difference for our members. As part of the Risk Advisory Services team, the Information Security Governance Lead has primary responsibility for security governance efforts, establishing policies and procedures that protect the CU’s assets, comply with regulatory requirements, and support business objectives. This position involves close collaboration with the Risk Advisory Services and Information Technology team members, as well as external auditors. The position will participate in a broad range of threat mitigation activities, as well as monitoring the performance of risk mitigation systems and processes across the credit union, ensuring our commitment to unparalleled service – the kind that creates the Unitus difference. Our strong team of leaders, outstanding culture, above-market benefits, continuous involvement in the communities we serve, and competitive pay programs make Unitus an excellent place to contribute and grow your talents.
Primary Duties
- Ensure credit union alignment with relevant financial regulatory frameworks such as the FFIEC and PCI-DSS by developing and maintaining processes and periodic assessments. Establish and maintain a security governance framework that aligns security objectives with organizational goals and regulatory requirements.
- Design and maintain information security policies and procedures to support regulatory compliance and mitigate security risks. Define key security metrics and produce regular reports on the CU’s security posture.
- Lead Information Security risk assessments and processes (including InfoRisk Committee), identify vulnerabilities, and work with stakeholders to develop risk mitigation strategies. Assist with security audits, both internal and external, and facilitate audit processes.
- Assist in the third-party risk management and incident response programs to ensure compliance with security policies and regulations. Work with the security awareness team to develop programs for educating employees on information security governance policies/procedures, compliance and best practices.
Education & Experience
- Bachelor’s degree in Information Systems/related field or equivalent work experience
- Requires a minimum of 2 years of experience in information security including information security program development and management.
- Knowledge of information security and regulatory frameworks (i.e. FFIEC, PCI-DSS, NIST)
- Project management experience
- Relevant certifications such as CISA, CISSP, or CISM preferred
- Prior experience in financial services or other highly regulated industry a plus.
- PC skills (Microsoft Office Suite), with the ability to learn new software and demonstrate services through the use of technology
- Strong ability to multi-task while maintaining attention to detail and following through on problems to resolution.
- Excellent communication skills including effective listening, speaking, problem solving and tact in dealing with internal and external members and colleagues.
- Ability to maintain privacy and confidentiality
- Must be reliable and dependable in being at work, being on time, and meeting deadlines.
- Must have the ability to work independently with minimum supervision and exercise good judgment, initiative, and tact in dealing with members, supervisors, and staff.
- Must have the ability to work as a team player while using discretion in decision making and sound judgment in problem solving.
- Comprehend and adhere to all company-wide and department-specific policies and procedures.
- Thorough knowledge of security best practices and information security program fundamentals.
- Basic understanding of application development as it pertains to application security.
- Must have well-developed analytical skills, time management, project management, accuracy, and attention to detail.
- Building and maintaining business relationships with consultants, vendors, and outside agencies.
- In-depth understanding of networking technologies and infrastructure management.
- Ability to conduct needs assessments and identify problems, develop solutions, and take appropriate actions exercising sound judgment.
We are a people-focused organization that places an emphasis on culture. Unitus is local, successful, and committed to continuously improving and growing!
Unitus Community Credit Union (Unitus) is an equal opportunity employer. We are dedicated to a policy of non-discrimination in employment based on race, color, age, sex, religion, veteran status, national origin, sexual orientation, disability or any other classification protected by applicable federal, state or local law. Applicants may request reasonable accommodation to participate in the application process.