Cybersecurity Manager

Sierra Central Credit Union•Yuba City, CA

just now•$130,000 - $151,000•Onsite

About The Position

We are seeking a Cybersecurity Manager to lead and grow a team responsible for performing end-to-end security and threat analysis across credit union enterprise initiatives. This role ensures that information security best practices, regulatory requirements, and risk management principles are embedded into system and business process designs. The Cybersecurity Manager provides daily leadership and operational oversight of the Credit Union’s cybersecurity and physical access security programs. Responsibilities include implementing, monitoring, and optimizing security technologies, processes, and third-party services such as the Security Operations Center (SOC), with a strong focus on protecting member information and critical financial systems. This role is accountable for scaling and maturing the cybersecurity function, including hiring, onboarding, and training staff; managing team operations; and aligning security initiatives with the Credit Union’s strategic objectives and risk appetite. The Manager serves as a technical subject matter expert across key cybersecurity domains—including network, application, cloud, and enterprise security controls—and works closely with the CIO, CISO, IT teams, facilities management, risk and compliance functions, and external vendors. Together, they ensure effective security controls, timely incident response, regulatory readiness, and prompt identification and remediation of cybersecurity and physical security risks.

Requirements

Exceptional leadership, communication, and problem-solving skills required.
Excellent strategic and critical thinking skills.
Excellent verbal, written and interpersonal communication skills required.
Ability to provide leadership and direction in cybersecurity functions, including guiding security efforts, coordinating activities, and supporting decision-making across teams.
Ability to interpret, implement, and evaluate security control frameworks, such as the Cloud Security Matrix, NIST Cybersecurity Framework (CSF), and CIS Controls.
Ability to understand and work effectively with cloud technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Ability to perform threat analysis and build threat models using industry-recognized methodologies such as MITRE ATT&CK.
Ability to interpret and apply data security and privacy regulations, including but not limited to PCI DSS, SOX, GDPR, and CCPA.
Ability to support and execute cybersecurity engineering, security operations, and incident response activities, ensuring effective and timely resolution of security events.
Ability to balance security policies, procedures, and best practices with operational needs to maintain a secure and efficient environment.
Ability to identify, recommend, and implement process improvements to enhance the maturity, efficiency, and effectiveness of cybersecurity operations and services.
Must work well under pressure, meeting multiple and sometimes conflicting deadlines.
Seven or more years of cybersecurity experience, including a minimum of three years leading or managing a cybersecurity team or program.
Bachelor’s degree preferred, however relevant experience may substitute with Active security certification (e.g., CISSP, CISM, CISA, Security+, or equivalent)
Understanding of Zero Trust Architecture, endpoint security, and SIEM tools.
Familiarity with security controls such as Cloud Security Matrix, NIST CSF, CIS.
Knowledge of common Cloud Services offered (IaaS, PaaS, SaaS)
Experience performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK.
Understanding of various data/privacy regulations (e.g. PCI DSS, SOX, GDPR, CCPA)
Complete understanding of Cybersecurity Engineering/Operations and Incident Response modalities, requirements, and functions.
Experience with process improvement and maturing/transforming operations or services

Responsibilities

Managing, deploying, and maintaining security infrastructure
Oversee daily operation of cybersecurity tools and controls (SIEM, SOC services, EDR, firewalls, IDS/IPS, IAM)
Conducting vulnerability, penetration testing and identifying follow-up actions to mitigate failures and address any weaknesses
Maintaining up-to-date knowledge on cyber-security technologies and standards while automating security controls, data and processes to ensure proper configuration, maintenance, and monitoring
Validates alerts, investigations, and response actions performed by the SOC
Serve as the subject matter expert with the ability to educate and explain common threats affecting Network, Cloud, Web and Application environments as well as best practices in the Cyber Security industry, including remediations for OWASP Top 10, CWE/SANS Top 25, CIS controls, and NIST guidelines
Proven ability to successfully manage projects by establishing clear goals and deliverables, adhering to deadlines, proactively managing risks, and maintaining effective stakeholder engagement and communication
Act as primary point of contact with SOC providers.
Investigate, review, and validate alerts, incident tickets, and escalations.
Ensure SLAs, escalation procedures, and response timelines are met.
Participate in investigations and coordinate responses with IT teams.
Execute incident response procedures under CIO/CISO guidance.
Coordinate containment, eradication, and recovery activities.
Maintain incident documentation, timelines, and evidence.
Support post-incident reviews and corrective actions.
Support updates and maintenance of business continuity plan/program
Participate and lead BCP-IRP trainings and tabletop exercises
Oversee vulnerability scanning and remediation.
Coordinate patching and mitigation with IT operations.
Manage physical access control systems (badges, key cards, biometric systems) and coordinate with facilities to ensure alignment between physical and cybersecurity controls for comprehensive protection.
Oversee visitor management processes and ensure compliance with policies.
Monitor and review physical access logs for anomalies or unauthorized activity and Support investigations involving physical access incidents.
Translate strategic goals into actionable security roadmaps, initiatives, tasks and provide tactical updates and metrics to CIO.
Escalate risks with clear, actionable recommendations.
Manage relationships with security vendors and service providers.
Review SOC reports, vulnerability scans, and dashboards.
Assist with tool evaluations, onboarding, and integration.
Maintain operational procedures, runbooks, and playbooks.
Ensure alignment between documented procedures and practices.
Support audits and regulatory exams with evidence of control operation.

Benefits

Medical, Dental & Vision Insurance options
Voluntary Lines including hospital indemnity, accident, and critical illness policies
Company Paid HRA (with enrollment in certain health plans)
Company Paid Basic Term Life Insurance
Coverage at 2× annual base salary, up to a maximum of $500,000 for full-time employees
$25,000 for part-time employees
Company Paid Long-Term Disability Insurance for Full-Time Employees
Company Paid Telehealth Services Membership (Teladoc)
Company Paid Employee Assistance Program (EAP)
401(k) Retirement Plan
Employer-funded safe harbor contribution of 3% of employee's eligible earnings
Discretionary employer match on employee contributions
Flexible Spending Accounts
HSA
Medical FSA
Dependent Care FSA
Limited Purpose FSA
Paid Time Off
Vacation accruals based on status and tenure within company
12 sick days accrued annually for full-time employees
1 hour for every 30 hours worked for part-time employees
11 paid holidays (eligible after 90 days of employment)
Travel Expense Reimbursement
All necessary and work-related travel expenses will be reimbursed in accordance with company policy