At Sandia Area, every position plays a vital role in fulfilling our mission to deliver high-value banking and lending services that strengthen the financial well-being of our members and community. Each team member is expected to embody our core values of Service, Sustainability, Efficiency, Trust, Stewardship, and Growth, contributing to our vision of empowering lifelong achievement through better banking. While specific responsibilities vary by role, every position carries universal expectations aligned with its level of responsibility and authority across the organization.
As a Director at Sandia Area, you provide strategic oversight for your department, ensuring its initiatives align with organizational goals and values. You are entrusted with fostering cross-departmental collaboration, driving innovation, and modeling the accountability and stewardship necessary to achieve long-term success. Your leadership directly contributes to the credit union’s ability to deliver on its mission of empowering members and the community through better banking.
Reporting directly to the Chief Information Officer, the Director of Cybersecurity and Information Security is responsible for developing, implementing, and maturing the Credit Union’s cybersecurity program through strategic coordination, governance, and enterprise collaboration. This role leads through influence across IT and business units, aligning cybersecurity priorities with business strategy and risk management goals. The Director partners closely with the Chief Risk Officer to ensure a unified approach to cyber resilience, compliance, and data protection across the organization.
Duties and responsibilities
Leadership & Team Management
- Lead by example, reinforce, and consistently uphold Sandia Area’s Values: Service, Sustainability, Efficiency, Trust, Stewardship, and Growth.
- Provide strategic leadership to department managers and teams, ensuring alignment with organizational goals and priorities.
- Build and lead a high-performing team; set performance targets, foster a culture of continuous improvement, encourage innovation and learning, and adapt best practices to optimize performance.
- Drive collaboration across departments to ensure cohesive strategies and shared accountability.
- Oversee large-scale projects and initiatives, managing resources effectively and meeting organizational timelines.
- Develop and align departmental goals with the broader organizational strategy; ensure all members of the team are meeting performance expectations.
- Directly or indirectly manage staff to enhance professional development and personal growth; provide regular coaching, feedback, and performance evaluations.
- Optimize resource allocation, including personnel, budget, and other resources, to maximize effectiveness while controlling costs.
- Oversee the recruitment, interviewing, and hiring process, ensuring candidates align with the credit union’s mission, values, and service culture.
- Oversee the onboarding, training, and development of new hires, fostering a positive and growth-oriented work environment.
Cybersecurity Program Leadership
- Establish and oversee the Credit Union’s Cybersecurity Program framework, integrating standards from NCUA, FFIEC, GLBA, and NIST CSF.
- Develop and manage a multi-year cybersecurity roadmap and maturity model.
- Define program goals, metrics, and key risk indicators (KRIs) to measure effectiveness.
- Coordinate implementation of cybersecurity initiatives across IT departments (Networking, Systems Administration, Applications, Support Desk, and Data Analytics).
- Recommend updates to policies and procedures as necessary, and where necessary establish new policies and procedures.
- Partner with the Chief Risk Officer to integrate cybersecurity risk into the enterprise risk management (ERM) framework.
- Lead cybersecurity governance activities and report regularly to executive leadership and the Board.
Leadership & Cross-Functional Collaboration
- Lead through influence by coordinating with IT leadership teams to achieve cybersecurity objectives.
- Partner with enterprise leaders to embed cybersecurity into strategic projects.
- Serve as liaison between IT, Risk, Compliance, and Internal Audit for all cybersecurity initiatives.
- Champion a culture of security awareness and accountability across the organization.
- Provide cybersecurity awareness training for Sandia Area employees to promote best practices in information security.
- Collaborate with Internal Audit and Compliance to ensure continuous improvement and audit readiness.
Governance, Risk, and Compliance Oversight
- Maintain oversight of cybersecurity policies, controls, and regulatory compliance activities.
- Ensure continuous compliance with NCUA Part 748, FFIEC CAT, GLBA, PCI DSS 4.0 and other relevant regulations.
- Coordinate cybersecurity risk assessments, penetration testing, and control validation.
- Lead cybersecurity exam readiness and response efforts for regulatory audits.
- Develop and present cybersecurity risk and performance reports to the Executive Team and Board committees.
Security Operations Oversight
- Oversee security monitoring, detection, and incident response operations in collaboration with IT and managed service providers.
- Validate the effectiveness of security controls, including firewalls, SIEM, IAM, and endpoint protection systems.
- Review vulnerability and penetration test results, ensuring remediation aligns with policy and risk tolerance.
- Coordinate post-incident reviews to identify lessons learned and strengthen controls.
Vendor and Third-Party Risk Management
- Oversee third-party cybersecurity risk management, ensuring due diligence, contract compliance, and ongoing vendor oversight.
- Collaborate with Procurement, Legal, and Risk Management to manage vendor security reviews.
- Represent the Credit Union externally with peers, regulators, and industry consortiums.
Business Continuity & Resilience Planning
- Integrate cybersecurity response planning into enterprise Business Continuity and Disaster Recovery (BC/DR) programs.
- Lead tabletop and simulation exercises to test incident readiness and coordination.
- Ensure cybersecurity components of BC/DR are updated and tested regularly.
- Mentor and develop leaders within the department, fostering growth and succession planning.
Expectations of all Sandia Area employees
- Demonstrate a strong commitment to upholding the organization’s mission, vision, and values in all interactions and responsibilities.
- Represent the credit union with professionalism, integrity, and ethical conduct at all times.
- Maintain a thorough understanding and strict adherence to credit union regulations, compliance requirements, policies, procedures, and operational guidelines.
- Consistently meet deadlines as assigned while ensuring accuracy, efficiency, and adherence to quality standards.
- Foster a positive and supportive environment for both members and employees, ensuring interactions align with the credit union’s mission and service philosophy.
- Adhere to all regulatory and compliance policies, upholding the highest standards of security, confidentiality, and ethical financial practices in all interactions.
- Maintain the confidentiality and security of information, records, and sensitive data, in compliance with credit union policies and regulatory requirements.
- Adapt to evolving responsibilities, taking on additional duties as assigned to support the success of the organization.
- Demonstrate a commitment to continuous learning, professional development, and staying informed on industry trends and best practices.
- Be willing to undergo background and credit checks as required by federal and state regulations.
- Understand and comply with all policies, procedures, and legal guidelines, including adherence to the Bank Secrecy Act (BSA), Office of Foreign Assets Control (OFAC), and other applicable financial regulations.