The Information Security Manager is responsible for implementing, maintaining, and overseeing information security controls, solutions/platforms, processes, procedures, and third parties, as well as monitoring and responding to information security events and incidents. This position works closely with the Director of Information Security & Enterprise Risk Management to obtain and execute communicated strategic initiatives and objectives. This position will oversee and manage the training, tasks, and responsibilities of information security personnel who support operations in the areas noted above.
▪ Prepares information security report for the Board of Directors.
▪ Develops ongoing strategies for the Credit Union’s information security programs that comply with laws, regulations, and industry best practices.
▪ Identify and report on key performance indicators related to information security department activities and responsibilities.
▪ Serve as the primary contact for examiners and internal and external auditors for your area of responsibility; this includes gathering documents and evidentiary reports and responding to follow-up questions.
▪ Ensure duties are cross trained with a designated individual.
▪ Maintains a broad and current knowledge base of the credit union industry. Understands the impact of developments and trends in the industry and the credit union and provides recommendations for reducing risk.
▪ Responsible for the monitoring, response and escalation of security events, incidents and high impact threats.
▪ Lead information security risk assessments.
▪ Oversee the security engineering (design and control) of information systems and processes, including reviews and approvals of design and control additions or changes.
▪ Oversee the secure configuration and management of information security systems and platforms, including reviews and approvals of design and control additions or changes.
▪ Drive information security awareness and training programs for the credit union.
▪ Responsible for overseeing processes to identify and report on the organization’s vulnerabilities and the effectiveness of remediation activities.
▪ Serve as member of the Information Security Committee (ISC).
▪ Oversee the development, implementation and maintenance of information security programs, standards and procedures.
▪ Provide subject matter expertise on enterprise cyber security, threat, technology risks and potential impacts.
▪ Oversee and manage third party service and technology providers under the responsibility of the Information Security Department.
▪ Oversee and manage the BC/DR function for information security appliances/systems. This includes but is not limited to ensuring documentation and testing are kept current at all times and support the BC/DR efforts of the organization.
▪ Act as a point of escalation on security related matters.
▪ Work closely with management, ISC and external partners to implement controls outlined according to FFIEC Information Security Standards.
▪ Ensure that information security program level documents are reviewed and updated where needed, at least annually.
▪ Fully understand and strictly adhere to all Federal Regulations as they pertain to the Credit Union and your position.
Qualifications and Skills
▪ HS Diploma or GED Certificate and a Bachelor’s Degree in Computer Science, or equivalent field experience (7+ years)
▪ Certifications Preferred:
1. Certified Information Systems Security Professional (CISSP)
2. Certified Information Security Manager (CISM)
3. Certified Ethical Hacker (CEH)
4. SANS GIAC Security Certifications
▪ Knowledge of security frameworks such as FFIEC, NIST, CIS Top 20 and PCI
▪ Expertise in cyber security threat analysis, detection and prevention activities and technologies
▪ Exceptional communicator with both technical and nontechnical audiences
▪ Windows knowledge and skills
▪ Knowledge of the principles of secure network design and web application security
▪ Have a strong understanding of process mapping (inputs, processes and outputs)
▪ Ability to assess risk rationally and provide reasonable solutions to mitigate risks
▪ Ability to write reports, correspondence, policies and procedures
▪ Ability to problem solve and possess strong analytical skills
▪ Must be able to present and lead discussions with large and small groups of employees, including management and senior management.
▪ Must have strong organizational skills.