What are the responsibilities and job description for the Chief Information Security Officer position at Utah Community Credit Union (UCCU)?
Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining a robust information security program that safeguards Utah Community Credit Union's (UCCU) digital assets, member data, and technology infrastructure.
Key Responsibilities
- Strategic Leadership: Develop and implement a comprehensive information security strategy aligned with organizational goals and regulatory requirements.
- Provide guidance to executive leadership on emerging security threats, risks, and opportunities.
- Identify and assess potential security risks to member data, systems, and infrastructure.
- Oversee the development and implementation of risk mitigation plans and incident response protocols.
- Develop and maintain the Business Continuity Program (BCP) for the credit union's information systems. Ensure the program is tested annually and recommend necessary improvements.
Compliance & Governance
- Work with the credit union's compliance officer to ensure compliance with all relevant regulations, including NCUA, FFIEC, and GDPR, as applicable.
- Develop, maintain, and enforce security policies, standards, and procedures.
Operational Excellence
- Lead the design and implementation of secure architecture for networks, applications, and systems.
- Direct vulnerability assessments, penetration testing, and audits to ensure a robust security posture.
- Oversee incident detection, investigation, and response activities.
- Build and lead a high-performing information security team, fostering a culture of accountability, collaboration, and innovation.
- Provide mentorship and professional development opportunities for team members.
- Partner with IT, compliance, legal, and other stakeholders to embed security into organizational initiatives.
- Communicate security goals, initiatives, and risks to the board of directors and executive leadership.
Qualifications
- Bachelor's degree in cybersecurity, computer science, information technology, or a related field (Master's degree preferred).
- Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
- Industry certifications such as CISSP, CISM, CISA, or equivalent.
- Comprehensive knowledge of information security frameworks (e.g., NIST, ISO 27001, COBIT).
- Experience in financial services, specifically within credit unions or banking, is highly desirable.
- Strong understanding of regulatory requirements and industry standards affecting credit unions.
- Excellent leadership, communication, and strategic planning skills.
Physical Activities and Requirements
- Talking: Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.
- Average Hearing: Able to hear average or normal conversations and receive ordinary information.
- Repetitive Motion: Movements frequently and regularly required using the wrists, hands, and/or fingers.
- Average Visual Abilities: Average, ordinary, visual acuity necessary to prepare or inspect documents or products or operate machinery.
- Physical Strength: Sedentary work; sitting most of the time. Exerts up to 10 lbs. of force occasionally.
Working Conditions
- NONE: No hazardous or significantly unpleasant conditions (such as in a typical office).
Mental Activities and Requirements
- Reasoning Ability: Ability to apply logical or scientific thinking to a wide range of intellectual and practical problems.
- Mathematics Ability: Ability to use advanced algebra, exponents, logarithms, linear equations, quadratic equations, mathematical induction and binomial theorem, permutations, calculus, and/or analytic geometry.
- Language Ability: Ability to read periodicals, journals, manuals, dictionaries, thesauruses, and encyclopedias.