Director, Information Security

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Systems, Engineering, Business or relevant field of study or equivalent combination of education and experience
• Minimum of ten (10) years of related experience in information security or related technology disciplines
• Minimum of seven (7) years of management and supervisory leadership experience developing and leading teams with direct reporting relationships
• 5–7+ years of experience leading cybersecurity teams with accountability for strategy, budget, and vendor management
• Prior experience in a senior security leadership role (Director, Head of Security, Deputy CISO, or CISO), preferably within financial services or another regulated industry
• Experience supporting regulatory examinations, audits, and remediation activities within regulated financial environments
• Relevant industry certification required (CISSP, CISM, CISA, CRISC, GIAC, or equivalent).
• Must be bondable

Nice To Haves

• Master’s degree in information security, Computer Science, Information Systems, Engineering, Business or relevant field of study
• Minimum of five (5) years of demonstrated strategic leadership experience
• Experience working in or with credit unions, community banks, reginal financial institutions or regulated environments
• Hands-on exposure securing digital banking, mobile, payments, account opening and contact center platforms
• Demonstrated success building or maturing security programs aligned to NIST CSF, ISO, FFIEC, and SOC frameworks
• Additional certifications such as GIAC, CEH, CCSP or cloud security certifications

Responsibilities

• Define and own UFCU’s enterprise information security and cyber risk strategy, roadmap, and policies in alignment with business objectives, risk appetite, budgets, and regulatory expectations
• Lead the design, implementation, and operation of a comprehensive cyber security program covering governance, architecture, infrastructure, networking, cloud security, application security, IAM, vulnerability management, and security operations
• Embed security-by-design practices into digital banking, payments, and member-facing platforms by partnering with Technology, Product, and Enterprise Risk teams
• Establish and maintain an effective information security governance framework, including standards, policies, and leadership forums that align cyber security priorities with enterprise goals
• Ensure compliance with applicable regulatory and industry frameworks, including NCUA guidance, GLBA Safeguards Rule, NIST, ISO, and PCI (as applicable)
• Lead internal and external examinations, audits, and assessments; oversee remediation plans and ensure sustainable closure of findings
• Oversee identification, assessment, and treatment of cyber and technology risks
• Partner with Technology, Risk, and business leaders to support business continuity, disaster recovery readiness, cyber resiliency, and enterprise operational resilience initiatives.
• Present cybersecurity risks, trends, incident readiness, and strategic recommendations to executive leadership, risk committees, and other governance groups as needed.
• Provide executive oversight of day-to-day cyber security operations, including threat monitoring, detection, and response across enterprise cyber security platforms
• Own and mature UFCU’s incident response and crisis management framework, ensuring effective coordination, communication, and executive reporting
• Partner with peer leaders to ensure the effectiveness and resilience of critical services
• Lead information security components of third-party risk management
• Oversee data protection, privacy controls, and secure data-sharing practices across the data lifecycle in collaboration with Legal, Compliance, and Data & Insights teams
• Build, lead, and develop a high-performing information cyber security organization across Governance, Risk, Compliance, Engineering, Architecture, and Security Operations
• Serve as a role model in transparent communication, two-way dialogue, and proactive communication to the team.
• Build a successful team to operate according to UFCU guiding principles, providing guidance and resources and removing obstacles as needed.
• Provide team leadership based on servant leadership principles, caring for the whole person.
• Plan, monitor, and appraise job results with an emphasis on coaching and developing employees to achieve desired performance results.
• Help teams achieve their career goals.
• Ensure team members understand how to have an impact and are aware of that impact when they've made it.
• Collaborate across Technology, Digital, Operations, Risk, Compliance, and Member-facing teams to balance security, experience, and innovation
• Serve as UFCU’s senior cyber security advisor to executives and the Board, translating technical risk into clear business impact and investment decisions.
• Communicate program, progress, risk posture, investment using metrics-driven reporting
• Collaborate with business partners to determine future needs and support necessary to achieve business unit strategy.
• Network with other financial institutions and cyber risk leaders to learn and share best practices
• Collaborate with senior leaders and actively participate in the organizational strategic planning process.
• Develop Information Security strategies in partnership with executive leadership to drive achievement of Credit Union and department goals.
• Monitor and evaluate department progress toward stated goals and make adjustments as needed based on business and department needs.
• Facilitate procurement of tools and resources to achieve organizational and department strategic priorities.
• Establish Information Security annual budget with identification of planned expenses for new or enhanced programs and services.
• Ensure effective control of results.
• Take action to guarantee achievement of departmental objectives that fall within designated budgets.
• Monitor expenses on a monthly basis to evaluate versus budget using strong financial management skills.
• Take action to make adjustments as needed based on organizational and department priorities.
• Collaborate with senior leaders on development of organizational annual budget in alignment with strategic objectives.
• Perform other duties as assigned.
• Adhere to all organizational policies, procedures, and business ethics codes.
• Complete required regulatory training as assigned.
• Maintain strict adherence and compliance to all laws, rules, regulations, policies, procedures, and internal controls specific to the role, including but not limited to the Bank Secrecy Act, Anti-Money Laundering, USA Patriot Act, OFAC, and Fair Lending regulations.

Benefits

• The physical demands described are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Frequent While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle or feel; reach with hands and arms; and talk or hear.
• Specific vision abilities required by this job include close vision, distance vision, peripheral vision, and ability to adjust focus.
• Employee will make extensive use of the telephone and virtual communications requiring the ability to explain complex information effectively and accurately.
• This position is required to frequently work at UFCU Plaza in Austin, Texas.
• This position may involve periodic stressful
• May occasionally require an adjusted work schedule, overtime, and evening/weekend
• May occasionally involve public contact, requiring appropriate professional appearance.
• Frequent computer use at a workstation for multiple hours at a
• The noise level in the work environment is usually moderate