Hiring Requirements: Candidate must successfully pass credit review, drug screen, criminal background check and provide professional employment references.
The Director of Information Security is responsible for establishing the strategic vision of the Information Security program and developing a roadmap to achieve the goals. Ensures the integrity, confidentiality, and security of TTCU information assets. The role also serves as the Information Security Officer, responsible for the annual cybersecurity reporting to the Board of Directors. The role is both strategic and tactical. Performs duties in compliance with regulatory requirements including, but not limited to, the Bank Secrecy Act.
Supervises: Senior Security Analyst
Essential Job Functions and Responsibilities
- Develop, implement, and maintain the information security program, strategy and roadmap, including corporate information security metrics, policies, procedures, and standards. Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels at regular intervals.
- Manages the day-to-day operations of the Information Security Program and the implementation/configuration of security tools (firewalls, endpoint protection, email security, cloud security, SIEM, etc.) in coordination with IT.
- Act as the primary information security liaison for any third-party assessments, audits, and regulatory exams. Prepare and present accurate and timely information in response to any audits and regulatory exams. Implement regulatory requirements, industry standards, and best practices such as NCUA, FFIEC, GLBA, PCI DSS, NIST 800-53, Critical Security Controls, and ISO 27001.
- Act as the subject matter expert and mentor on various information security topics throughout the organization by monitoring Information Security Industry trends. Educate the Board, management and the business on cyber risk through reporting, presentations, and training programs for the organization. Ensure all employees, contractors and approved system users are trained on information security and their contribution to risk mitigation. Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats.
- Foster transparency and collaborative working relationships with leadership and security stakeholders (IT, operations, business lines, risk management, and internal audit) across the credit union to better understand the flow of information, the risks to that information and the best ways to protect that information. Works closely with IT and project teams to ensure that new projects, vendors, and software meet or exceed information security requirements.
- Leads cybersecurity investigations and incident response efforts providing summaries and recommendations to resolve the matter. Reports significant security events to the board, security committee, management, government agencies, and law enforcement as appropriate.
- Oversee information security budget, documentation, contracts, and vendors.
- Bachelor's degree in Computer Sciences, Information Systems or other related discipline required
- Master's Degree preferred
Certificates / Licenses
- Computer and network certifications preferred
- Industry security certification (e.g., CISSP, CISM, CISA, GIAC) preferred
- Must have and maintain a valid driver's license
- 10 Years Proven Ability - Technical experience planning, maintaining and managing computer system operations
- 4-5 Years Intermediate experience with software applications, computer networking, systems security and telephone systems
- 4-5 Years Supervisor experience in a related field.
- Effective Communication
- Functional Expertise
- Integrity & Trust
- Learning Agility
- Maintain Accountability
- Manage Complexity
- Systems Perspective
Advanced expertise with computer operating systems, networking and data communications (TCP/IP) is required. Ability to organize work and deal with installation and maintenance projects. Ability to independently manage the details of multiple programs and projects, to track activities and meet deadlines.
Intermediate written and verbal communication skills required to facilitate the sharing of information with members, staff, and external contacts. Ability to create an atmosphere that promotes TTCU's Core Values by maintaining a high level of personal integrity, presenting a friendly, enthusiastic, and professional demeanor while providing extraordinary service to members and fostering teamwork among employees.
Routinely perform work indoors in climate-controlled private office with moderate noise. Must be able to perform job functions independently or with minimal supervision and work effectively either on own or as part of a team. Must be able to read and carry out various written instructions and follow oral instructions. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be able to perform complex mathematical calculations with extreme accuracy. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate the highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising the highest level of discretion on both internal and external confidential matters.