Position Summary:

The Vice President of Information Security is responsible for the strategic development, implementation, and oversight of the credit union’s information security and cyber risk management programs. This role is a visionary leader who establishes a robust security posture that aligns with the organization’s objectives, risk tolerance, and regulatory requirements. Key focus areas include cyber risk assessment, threat intelligence, incident response, and maintaining a culture of security awareness. This role directly impacts the safety and trust of our members, as well as the security and resilience of all digital assets.

Primary Responsibilities and Duties:

• Define, execute, and sustain a forward-looking information security strategy that aligns with the credit union’s vision and business objectives. Establish security roadmaps, budget requirements, and risk management protocols that reflect emerging threats and industry best practices.
• Oversee the assessment of information security risks and implement programs to manage and mitigate these risks proactively. Advise senior leadership on risk prioritization, mitigation strategies, and resource allocation for cybersecurity initiatives.
• Mentor and lead a high-performing security team, providing clear objectives, development opportunities, and alignment with organizational goals. Empower the team to foster a proactive security culture, instilling accountability and ownership of security practices across all levels.
• Lead the establishment of information security governance frameworks and ensure continuous adherence to regulatory requirements (SSAE16, PCI, GLBA, FFIEC). Collaborate with Legal, IT, HR, and other departments to develop compliance and remediation strategies.
• Develop, implement, and continuously improve business continuity and disaster recovery plans to ensure organizational resilience. Direct incident response planning, including team coordination, investigation methodologies, and timely reporting for internal and external stakeholders.
• Oversee deployment and management of security technologies, such as security information and event management (SIEM), intrusion detection/prevention systems (IDPS), and endpoint detection and response (EDR). Ensure that information security operations are optimized for effective threat detection, monitoring, and response.
• Serve as the primary advisor to the executive team, communicating risks and security initiatives in a business-centric, non-technical manner. Promote security awareness across the organization through training programs and frequent communication to build a security-conscious culture.
• Stay updated on emerging security trends, technologies, and regulatory changes, continuously improving security practices and adapting strategies as necessary. Lead initiatives that leverage new technology and innovative practices to enhance the credit union’s security posture.

Knowledge/Skills:

• Strong leadership capabilities, with experience in building collaborative relationships to influence security-related decisions organization-wide.
• Expertise in information security standards, architectures, and technologies, including hands-on experience with modern security platforms and tools.
• Skilled in evaluating and mitigating information security risks and vulnerabilities with a deep understanding of current threat landscapes.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences, including senior executives.
• Strong critical thinking, problem-solving, and adaptability skills to navigate a dynamic security landscape.

Minimum Requirements:

• Bachelor’s degree in Computer Science, Information Security, or a related field required; Master’s degree preferred.
• Advanced security certification(s) (e.g., CISSP, CISM, CISA) required; additional certifications in cloud security or risk management are a plus.
• 10+ years of successful progressive experience with information security, network architecture, as well as business continuity concepts, tools, and technologies.
• 5+ years of experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred.
• 8+ years of experience leading and managing an enterprise information security program, including business system continuity planning, auditing and risk management (for information security).
• 5+ years of experience devising and implementing information security policies, procedures and methodologies to improve information security practices and business continuity capabilities throughout the organization required.
• Demonstrated experience leading and managing an Incident Response Team in the course of a rapidly evolving security incident
• Solid understanding of regulatory compliance for SSAE16/PCI/GLBA/FFIEC through experience at a financial institution preferred.
• Master’s degree preferred