Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree in computer science, Information Systems, Cybersecurity, or related field; advanced degree preferred.
• Minimum 10 + years of progressive experience in information security, cybersecurity, risk management, including at least 5 years in a senior leadership role.
• Proven ability to lead and develop high-performing teams, building a culture of accountability and continuous improvement.
• Demonstrated knowledge, experience, and use of common information security management frameworks, e.g. NIST CSF
• Extensive experience with information security technologies, markets, and vendors (e.g., firewalls, intrusion detection/prevention, SIEM, encryption, identity and access management).
• Proven experience in information security strategy, governance, and incident response within a regulated environment.
• Experience with regulatory compliance frameworks (NCUA, FFIEC, GLBA, PCI DSS) and audit processes.
• Excellent communication and influencing skills, with the ability to engage executive leadership and the board on risk and security matters.
• Ability to use independent judgment and discretion in various situations while maintaining a high degree of confidentiality.
• Ability to manage multiple priorities in a dynamic environment, exercising sound judgment and maintaining confidentiality.
• Must develop a thorough understanding of credit union policies and procedures as they relate to information security; must understand and comply with all job-related state and federal laws and regulations.

Responsibilities

• Develop and execute an enterprise-wide information security vision and strategy aligned with organizational priorities and IT roadmap.
• Establish and maintain an enterprise information security governance program, including policies, standards, risk management practices, and internal controls.
• Provide regular reporting to executive leadership and the board of directors on security posture, risks; and key performance indicators.
• Partner with Enterprise Risk Management, IT, and Compliance to establish and govern information security policies, standards, and third-party security requirements to protect member data and internal resources.
• Provide executive oversight of security incident response and cyber event management, ensuring effective escalation, communication, and resolution.
• Oversee vulnerability management, business continuity, and disaster recovery planning to ensure organizational resilience.
• Monitor emerging threats and advise on proactive risk mitigation strategies.
• Lead and develop the Information Security team driving performance, coaching, and professional growth.
• Oversee internal and external penetration testing, vulnerability assessments, and regular scheduling of technology audits/exams conducted by third parties.
• Serve as the primary liaison with regulatory agencies, auditors, and external partners on matters related to information security.
• Performs other duties as assigned.