Director Information Security

About The Position

Requirements

• Minimum High School degree or equivalent
• Minimum 8+ years’ experience progressive roles in information security, risk management, and business continuity with 6+ in management, preferably in the financial industry.
• Advanced Microsoft Office skills; aptitude in various software application and basic understanding of LAN/WAN, Internet, electronic communication systems, telecommunications, information security technologies (e.g., firewalls, VPNs, penetration testing, security devices);familiarity with ISO 27001 framework
• Ability to: Weigh business risk and enforce appropriate security measures
• Prioritize and manage several projects at once and meet deadlines on projects assigned
• Work professionally and courteously with fellow staff members
• Ability to lead and/or be the subject matter expert for member/staff processes; exert regional influence or corporate knowledge sharing
• Ability to sit and stand; answer calls; operate computer; interact with internal staff and public on the phone; travel to designated offices; lift up to 20 lbs.

Nice To Haves

• Bachelor’s degree in business, computer science or a related field preferred
• CISSP/CISM/CISA preferred
• Advanced knowledge of federal, and state cyber-security (ISO, NIST, NCUA etc.) policies preferred.

Responsibilities

• Align the risk treatment to the stated risk appetite.
• Maintain sufficient authority, stature within the organization, knowledge, background, training and independence to perform assigned tasks.
• Maintain independence from the IT operations staff.
• Manage state of information security reporting.
• Leads a team of Information Security professionals, ensuring the highest security standards throughout Blaze Credit Union.
• Establish and implement the information security governance structure and strategies, priorities, and directives consistent with the vision and in alignment with Blaze Security Risk Strategy.
• Lead the enhancement, management and enforcement of information security directives.
• Ensure the access control, disaster recovery, business continuity, incident response and information risk management needs of the organization are properly addressed.
• Assure capabilities of information security devices are fully implemented and reviewed.
• Lead incident response efforts to contain, investigate and prevent future information security events.
• Coordinate Business Impact Analysis updates and Business Continuity Management testing.
• Manage information security related policies and supporting documents. Assure diagrams and charts are developed and updated.
• Work with HR, Learning & Development, Facilities, IT, Legal, and Enterprise Risk Management to update policies, employee handbook and acceptable use documents.
• Perform or manage ongoing risk assessments and other information security assessments to ensure that information resources are adequately protected and meet regulatory requirements.
• Participate in and coordinate all efforts with regulators and independent auditors.
• Perform information security reviews to assure practice aligns with policy and procedure. Coordinate and manage remediation efforts for information security assessments.
• Lead information security education efforts. Develop awareness and training initiatives to educate the workforce and members/customers about information security issues. Conduct new hire information security classes and ongoing education for executives.
• Vice-Chair of the Information Security Steering Committee.
• Lead third-party risk management efforts to ensure adequate performance and security practices are in place. Work with vendors, outside consultants and other third parties to improve information security within the organization. Participate in third-party reviews and assessments.
• Oversee Blaze’s security strategy, policies and controls to protect the data and all systems from threats.
• Ensure the ongoing integration of information security with business strategies and requirements.
• Participate in the Enterprise Risk Committee, IT Change Committee and all IT Committees.
• Contribute to strategic planning processes as required.
• Act as information security subject matter expert to Blaze CU, members and peers.
• Subscribe to threat notification networks, new regulations and information sharing networks to stay current on requirements and new threats to the industry.
• Attend continuing information security and fraud education appropriate to the position Attend company sponsored information security training/education classes including the following areas – BSA, AML, OFAC, privacy, guarding customer information.
• Comply with applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control
• Exhibit Blaze’s Core Value’s: Better Lives, Thoughtfully Compassionate, Minnesota’s Best, and Give Back
• Regular and predictable attendance
• Perform other duties as assigned to support effective department operation

Benefits

• low-cost medical (as low as $20 a paycheck)
• dental insurance
• vision insurance
• quarterly bonuses
• generous vacation and sick time hours
• paid leave options
• up to 6% 401k contribution
• tuition reimbursement