Description
Position Purpose and Objectives
- The Director of Information Security is responsible for defining, implementing, and evolving information technology and information security control policies and standards.
- Coordinates and manages the design, documentation, development, maintenance, and exercising (testing) of the overall disaster recovery plans for each critical functional area of the credit union.
- Ensures all IT systems meet industry standards through internal, external, and NCUA audits and resources.
- Responsible for IT risk assessments and analysis to identify points of vulnerability as related to vendor management, BC/DR, physical and logical IT security.
Major Duties And Essential Functions
- Manages IT compliance to include security regulations and controls, 3rd party independent audits and NCUA examinations.
- Defines and measures enterprise Information Technology compliance with defined policies, standards, and guidelines.
- Oversees and evaluates the effectiveness of the information security program throughout Texans Credit Union and provides periodic reporting.
- Conducts and/or coordinates regular assessments or audits of systems, and makes recommendations for changes.
- Reviews security policies as necessary to comply with changes in the law, regulations, company ethics, and other compliance requirements.
- Creates awareness training programs of security policies and IT controls including best practices, and procedures to ensure that all staff has an understanding of where they fit and how to contribute to the overarching risk, security and IT control environment.
- Defines, develops, documents and audits compliance to enterprise-wide information security standards and policies. Coordinates with Senior Management and Internal Audit and produces the deliverables required.
- Manages the IT department's Change Control meetings and documentation.
- Maintains and oversees compliance with Vendor Management program for IT Vendors.
- Recommends tools and services to deliver secure information technology services within budget restrictions.
- Identifies and evaluates technology risk, and internal controls which mitigate risk, and related opportunities for internal control improvement and works in conjunction with the Network/Security team to implement changes.
- Establishes and updates BC/DR documentation, and testing methodologies; plans, and coordinates the testing of recovery support and business resumption procedures. Acts as the liaison between Information Technology (IT) and Texans Credit Union departments.
- Assures critical systems are identified for recovery and records for recovery are identified and properly maintained.
- Conducts IT business impact analysis and assists Texans Credit Union departments to determine critical business processes, and acceptable recovery times.
- Performs risk analysis for all credit union departments to identify points of vulnerability and recommends disaster avoidance and reduction strategies.
- Helps develop credit union incident response procedures; distributes and updates emergency procedures and works with management to respond to security threats.
- Assists recovery support and business resumption staff during and after a disaster.
- Works closely with senior management and IT leadership to define and evolve information technology standards and controls.
- Oversees the inventory library of internal operating procedures, policies and controls.
- Participates in planning the organization's long-term system needs.
Positions Directly Supervised
Security Analyst
Requirements
Specific knowledge, skills, and abilities required for this position:
- Strong working knowledge of all areas of the credit union and the ability to develop a clear understanding of the Texans Credit Union functional processes and resources.
- Strong knowledge of FFIEC Cybersecurity requirements
- Experience implementing and maintaining FFIEC Cybersecurity requirements
- Strong knowledge of networks, security, infrastructure, voice, operations and application software development.
- Good project management skills with the ability to plan and organize. Strong interpersonal skills needed to interface with managers, their staff, and vendors.
- Strong organizational, problem-solving, troubleshooting, diagnostic, and critical thinking skills.
- Working knowledge of a variety of financial products and services; excellent member service skills.
Education: Bachelor’s Degree or equivalent working experience. CISSP and/or CISA security certifications and Certified Disaster Recovery planner certification are strongly desired.
Experience: 10 years of progressive experience in the information technology field with at least 5 years’ experience in Disaster Recovery, Information Technology Risk, IT Standards and Controls, and Security. Experience in audit process definition and execution as applied to compliance within the financial industry strongly desired. Management experience required.