The VP, Chief Information Security Officer (CISO) directs enterprise-wide security programs, including overseeing strategy, operations, and the budget for protecting Logix enterprise information assets. Responsible for enterprise-wide data and information security initiatives, policies, standards, evaluations, staff and organizational awareness. Partners closely with the designated Enterprise Risk Management (ERM) Officer, Legal, and management throughout the credit union to ensure that technological and physical access controls effectuate the organization's data privacy policies. Develops and implements flexible, reliable and maintainable security solutions, assesses the risk of existing and planned information systems, and provides the highest level of quality service to both members and employees.
Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets; drives, maintains and regularly updates IT security strategies, plans, and implementation roadmap.
Plans, directs and coordinates information security policies, procedures, standards, guidelines, and controls to ensure that all information systems are functional, secure and compliant with privacy laws and regulations.
Ensures the 24x7 monitoring of access to all systems and maintenance of access control profiles on computer networks and systems; ensures the monitoring of threats and takes preventive measures to mitigate impact of known and unknown threats; designs and executes penetration tests and security audits.
Oversees identity and access management; ensures documentation of access authorizations is maintained for all applicable resources; develops and maintains appropriate segregation of duties within and across applications.
Ensures the installation, modification, enhancement and maintenance of system security software.
Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities; develops and maintains the Incident Management Plan and escalates possible incidents to the Security Incident Response Team; serves as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning.
Maintains a current understanding of the threat landscape for the industry; liaises with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and advancing threat landscape.
Ensures compliance with changing laws and applicable regulations. Directs member and employee data security awareness and education; ensures cyber security policies and procedures are communicated to all employees.
Briefs the executive team and Board of Directors on security status and risks; leads the Data Security Team and other internal security committees.
Develops annual objectives and budgets and leads the department to accomplish approved objectives within the approved budgets.
Performs Business Resumption planning for assigned departments and validates the adequacy of the plans.
Evaluates, selects, and approves vendors to maintain the quality of member services; manages vendor relationships to ensure achievement of department goals and maximum benefit for the credit union and its members.
Holds staff meetings with assigned personnel to discuss areas needing improvement, member survey results and corrective action, changes in policies and procedures, new developments or services and to present general information.
Manages subordinate supervisors and approximately 5-10 employees. Is responsible for the overall direction, coordination, and evaluation of these units. Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
QUALIFICATIONS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience
Must have a Bachelor's degree in Business, Information Technology Management or related disciplines with 10 or more years of IT management experience.
Must have recognized Information Security Certification (e.g. CISSP, CISA, or CISM).
5 or more years of directly related technical managerial experience.
Proficiency using MS Office products such as Excel, Word, PowerPoint, Outlook and Symitar
Masters' Degree in Business or Technology and experience in a financial institution preferred.
Must also demonstrate conduct consistent with our Corporate Values:
Practice open Communication with all levels;
Be Accountable by taking ownership of customer issues and responsibility for one's actions;
Foster Teamwork by cooperating and collaborating with other employees;
Seek ways to make the workplace Fun for oneself & others;
Conduct oneself with Integrity by being honest, trustworthy and ethical in all work activities and interactions;
Work with a Service Orientation by having a genuine concern for the needs of one's customers and by being friendly, professional and following through on commitments; and
Demonstrate Humility in all interactions and remember to leave one's ego at the door when one arrives to work.
Logix Federal Credit Union is an equal opportunity employer that does not discriminate in employment opportunities or practices on the basis of race, religion, color, sex, sexual orientation, gender identity, national origin, protected veteran or disability status, or any other status protected by law.