AVP, Information Security Officer

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Programming, or a similar field is preferred, or a combination of training, education, and experience may be considered. Experience working in a financial institution is preferred.
• CISSP, CISA, CISM or equivalent certification required.
• 10 years’ experience in Information Security or related field. 3+ years’ demonstrated experience in building, developing, and managing high performance teams.
• Experience in assessing and ensuring the effectiveness of an information security program.
• Advanced knowledge of industry standards adopted by ISO, NIST, COSO, FFIEC, NCUA and others that influence the information security program.
• Demonstrated understanding of technical security concepts and tools, such DLP, EDR, business continuity, incident response, and vulnerability management.

Responsibilities

• Develop, maintain, and enhance the Credit Union’s information security governance framework in alignment with NIST, NCUA, and FFIEC guidelines.
• Establish and monitor security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Provide regular updates to Executive Management, Risk Committees, and the Board on the Credit Union’s information security posture.
• Collaborate with IT, Risk, and Compliance teams to align security initiatives with business objectives.
• Oversee risk assessments, control testing, and assurance activities for Information Security.
• Identify, assess, and monitor information security risks across the Credit Union.
• Maintain and update the Information Security Risk Register and ensure alignment with enterprise risk appetite. Recommend risk treatment strategies and validate remediation plans for identified gaps.
• Provide independent oversight and challenge to 1st Line IT and business units regarding security controls and risk mitigation.
• Monitor and report on key risk indicators, vulnerabilities, and emerging threats to Executive Management and Risk Committees.
• Manage the development, oversight, and continuous improvement of the Credit Union’s Incident Response Program.
• Conduct periodic tabletop exercises to test the effectiveness of the IRP.
• Coordinate with legal counsel, Compliance, and internal stakeholders for any legal and/or regulatory notifications.
• Design and implement a comprehensive security awareness program for employees, contractors, and vendors.
• Promote a strong security culture through regular training, phishing simulations, and targeted campaigns.
• Measure and report on the effectiveness of awareness initiatives and cultural improvements.
• Stay current on emerging technologies, threats, and regulatory changes impacting information security.
• Manage and mentor a team of information security professionals, fostering a culture of accountability and continuous improvement.
• Develop staff capabilities through training, coaching, and performance management.

Benefits

• Health & Wellness: Medical, dental, and vision insurance, plus an Employee Assistance Program.
• Financial Perks: 401(k) match (5%), HSA match, and SCCU-paid insurance (short/long-term disability, life insurance).
• Education Support: Tuition reimbursement after one year of service.
• Generous Time Off: 20+ days of PTO, birthday PTO, and 11 federal holidays.
• Exclusive Discounts: Lower rates on loans, credit cards, and no fee SCCU accounts!