Information Security Manager

Responsible for managing the corporate information security program to ensure confidentiality, integrity, and availability of credit union data assets. The program will include policies, standards, and guidelines to cost effectively manage the risk to the business due to the utilization and implementation of information technology infrastructure and applications. Lead integration of security within technical architecture and organizational initiatives. Lead and manage the information security department providing guidance, training, and support to the security department while fostering collaboration with other internal departments and or external auditors and regulators as needed.

• Manage security policies and standards organization-wide to ensure the protection of corporate data against unauthorized use, access, modification, disclosure and deliberate or inadvertent destruction.
• Manage security criteria/standards for evaluation existing and proposed applications providing an assessment of vulnerability and risk. Provide continual reassessment of the security posture of the credit union. Provide consultation support for all departments who have identified security concerns and/or vulnerabilities. Manage appropriate plans to mitigate potential security weakness.
• Manages annual IT audit work, including annual plan development, audit fieldwork, writing of issue reports, and partnership with colleagues in Internal Audit to perform IT testing during projects (i.e. Integrated Auditing)
• Manages the creation and collection of documentation from IT and business departments in preparation for NCUA, DFI and external audit annual exams.
• Manages Credit Union corporate BCP/DR plan.
• Collaborates with IT management to review and work with appropriate personnel to perform annual tests of BCP/DR and IRP plans.
• Continually conduct and manage data security forensic analysis and risk assessment to evaluate the entire infrastructure for breach vulnerability. Publish and manage network security guidelines for implementing firewalls, router filters, and related web server security tools and barriers.
• Review penetration testing and security results for external and internal auditors. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
• Montor network for security violations. Respond to incidents of intrusion and penetration immediately. Investigate security breaches, including full documentation of events and effective retention of evidence. Work with law enforcement authorities as appropriate.
• Identify regulatory changes that will affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels.
• Assist the VP/CIO in coordinating and managing the integration of information security objectives with organizational projects and goals.
• Educate staff and members, as directed and appropriate, so information security relating to vulnerabilities, viruses, fraud scams, and tools available for personal as well as system/network protection.
• Assist the VP/CIO in managing system plans for disaster recovery and use of related software from a security perspective.
• Recommend, implement, and oversee ongoing administration of an effective change management process to realize high uptime performance of all critical systems, with minimal degraded system effect and high quality of change.
• Oversee compliance with information security internal policies and procedures and regulatory requirements. Work with outside consultants/agencies, as appropriate for independent security audits. Report non-compliance to the EVP/CFO and the VP/CIO.
• Member of the management team to review member service delivery and related functions, operational policies, employee issues, quality control problems, planning items and other activities of the credit union in supporting the strategic priorities and operational initiatives

Experience/Education:

Bachelor’s degree (B.A.) from four-year college or university in computer science and 5 years’ related experience in information security and/or training in information security; or equivalent combination of education and work experience. At least 2 years in a managerial role. Requires knowledge of networking, routers, firewalls, and/or other combinations.

Certificates & Licenses: Required Certification:
- Certified Information Security Systems Professional (CISSP)
Preferred Completed or Pursuing other Certifications including, but not limited to:
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Cisco Certified Network Associate (CCNA)
- Global Information Assurance Certification (GIAC)
- Subject Alternate Name Certification (SANS)

Interpersonal Skills:

Should possess excellent communication skills, both written and verbal. Must possess good decision-making and analytical skills, and an ability to exercise good judgement. The ability to motivate or influence others is a material part of the job, requiring a significant level of diplomacy and trust. Obtaining cooperation (internally and/or externally) is an important part of the job.

Other Skills:

- Standard concepts and best practices within the Information Technology and
Telecommunications field.
- Firewall technologies; designing, implementing, programming and maintaining firewalls.
- Hacking, virus and security threats, techniques, technologies, detection, and prevention
- Copper, fiber, and wireless technologies.
- TCP/IP; ports, sockets, routing and subnetting.
- Ethernet, SDWAN, MPLS, VPN and remote access technologies.
- Microsoft desktop and server operating systems that include but are not limited to
- Windows 10/11 and Windows Server 2016 or greater.
- Microsoft Office, Microsoft Visio, and Microsoft Project.
- Microsoft's Outlook 365.
- Enterprise storage technologies; iSCSI, SAN, fiber channel and replication technologies.
- Firewall Security
- Router and Switch Security
- Windows Security
- Linux Security
- Expert knowledge SEIM’s
- Familiar with External/Internal penetration testing/vulnerability scanning
- Have worked with outside security vendors
- Understanding of tcp/ip networking