AVP Information Security Officer (ISO)

About The Position

Requirements

• A minimum of ten years of experience is required, including time spent in preparatory positions.
• Bachelor’s degree in Information Technology, Computer Science or related field.
• This position requires a significant level of expertise, credibility, influence and trust.
• Proficiency in developing and delivering material presentations on complex topics can be important to fulfilling the responsibilities of the position.
• Will be required to work outside of scheduled hours to respond to pertinent position issues.

Nice To Haves

• Relevant certifications (e.g. CISSP, CISM, CISA) strongly preferred.
• CRVPM ( Certified Regulatory Vendor Program Manager) strongly preferred.
• Project management experience and certifications strongly preferred.

Responsibilities

• Responsible for the design, performance, planning, budgeting, securing, monitoring, and integration of Cybersecurity initiatives throughout the credit union.
• Develop, implement and maintain the credit union’s information security strategy, standards and policies.
• Consult with all levels of management to determine information security requirements to establish boundaries and priorities for new projects and to discuss system capacity and equipment acquisitions.
• Establish, adhere to and enforce system security policy and standards; develop, maintain and update appropriate policies and procedures.
• Maintain an awareness of all laws, regulations, developments and trends that may affect Information Systems, vendor management and information security.
• Conduct regular risk assessments; vulnerability assessments and scans; and penetration tests on technology infrastructure, applications and networks to identify and address potential risks.
• Develop risk mitigation plans to safeguard against cyber threats and vulnerabilities.
• Conducts annual and periodic information security training for staff.
• Conduct Incident Response table-top exercises to meet Incident Response Plan policy requirements.
• In coordination with the Information Technology Officer (ITO), conduct an independent 3rd party IT/Information Security Audit annually – to include External and Internal PEN testing.
• Manage the Vendor management program and maintain ongoing vendor due diligence, and the Watch List management matrix and provide monthly Vendor Management Report to the Board and Senior Management.
• Co-chair Disaster Recovery and Business Continuity planning.
• Periodically test the emergency restoration plan for the company and other applications as deemed appropriate.
• Develops, maintain all information security policies and procedures.
• Maintain the Business Network of Emergency Resources (BNET) Corporate Emergency Access System (CEAS) for badge holders.
• Maintain subscriptions and memberships with FS-ISAC, US-CERT, and FBI InfraGard.
• Provide monthly Information Security report, annual NCUA 748 Information Security Program status report to the Board and Senior Management.
• Responsible for tracking and reporting information security updates, vulnerabilities remediation, information and physical security incidents, CATO incidents, Red-Flag Identity Theft incidents, GLBA unauthorized disclosure incidents and Information Security threats.
• Must comply with applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, the Gramm-Leach-Bliley Act (GLBA), and the Office of Foreign Assets Control.