Director, Information Security

SAN FRANCISCO FEDERAL CREDIT UNION
San Francisco, CA
$160,000 - $175,000
Hybrid

About The Position

San Francisco Federal Credit Union is a member-driven financial institution committed to delivering exceptional service, strengthening our community, and creating a people-first culture. We invest in our people and empower leaders to drive meaningful impact for our members, teams, and communities.

The Director of Information Security is responsible for leading and overseeing the Credit Union’s information security, cybersecurity, and technology risk management programs. This role is accountable for protecting organizational systems, networks, applications, and data while ensuring compliance with regulatory requirements and industry best practices.

Reporting directly to the Chief Technology Officer (CTO), with a dotted-line reporting relationship to the Chief Risk Officer (CRO), the Director of Information Security partners closely with Information Technology, Risk, Compliance, Internal Audit, and business leaders to strengthen the organization’s cybersecurity posture, manage technology-related risk, and support operational resilience.

The Director will lead information security operations, governance, incident response, vulnerability management, business continuity coordination, security awareness, and third-party technology risk oversight while helping enable secure digital transformation and member trust.

Requirements

  • Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, or related field required.
  • Minimum of 7 years of progressive information security or cybersecurity experience, preferably within financial services or a regulated industry.
  • Minimum of 3 years of leadership or management experience.
  • Experience with cybersecurity operations, regulatory compliance, risk management, and incident response.
  • Credit union or banking industry experience strongly preferred.
  • Strong understanding of cybersecurity frameworks, governance, and risk management principles.
  • Knowledge of financial institution regulatory requirements including FFIEC, NCUA, GLBA, PCI-DSS, and vendor management expectations.
  • Experience designing and evaluating security architecture across on-premise, cloud, and hybrid environments.
  • Experience with SIEM tools, endpoint protection, vulnerability management, identity and access management, and cloud security.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication and executive presentation abilities.
  • Ability to balance operational responsiveness with strategic planning.
  • Strong collaboration and relationship-building capabilities.

Nice To Haves

  • Advanced degree preferred.
  • Industry certifications such as CISSP, CISM, CRISC, CEH, or similar.
  • Experience supporting digital banking platforms and financial services technologies.
  • Experience with cybersecurity audits, examinations, and remediation programs.
  • Familiarity with business continuity and disaster recovery frameworks.

Responsibilities

  • Develop, implement, and maintain the Credit Union’s enterprise information security program and cybersecurity roadmap.
  • Establish security policies, standards, procedures, and controls aligned with organizational objectives and regulatory expectations.
  • Partner with executive leadership to identify and manage information security and technology-related risks.
  • Provide regular reporting and updates on security posture, incidents, vulnerabilities, and remediation efforts.
  • Promote a culture of security awareness and accountability across the organization.
  • Oversee cybersecurity monitoring, threat detection, incident response, and remediation activities.
  • Lead vulnerability management, penetration testing coordination, patch management oversight, and security assessments.
  • Manage endpoint security, identity and access management, email security, network security, and cloud security controls.
  • Coordinate response efforts for cybersecurity incidents, including investigation, containment, recovery, and post-incident analysis.
  • Maintain and test incident response procedures and escalation protocols.
  • Oversee BYOD policy enforcement, mobile device security, and personal device risk controls.
  • Monitor threat intelligence sources and dark web indicators relevant to member data and organizational risk.
  • Collaborate with fraud and operations teams on account takeover, ACH fraud, and identity-related threats at the security/fraud intersection.
  • Partner closely with the Chief Risk Officer on enterprise risk management initiatives related to information security and technology risk.
  • Ensure compliance with NCUA, FFIEC, GLBA, PCI-DSS, and other applicable regulatory and cybersecurity requirements.
  • Ensure compliance with NCUA 12 CFR Part 748 cybersecurity incident notification requirements.
  • Support internal and external audits, examinations, and regulatory reviews.
  • Oversee third-party technology risk assessments and vendor cybersecurity reviews.
  • Participate in business continuity and disaster recovery planning, testing, and resilience efforts.
  • Develop and administer enterprise-wide information security awareness and training programs.
  • Conduct phishing simulations, employee education campaigns, and ongoing awareness initiatives.
  • Provide guidance to leaders and employees regarding cybersecurity best practices and emerging threats.
  • Collaborate with IT and business teams to ensure security requirements are integrated into technology projects and system implementations.
  • Provide security guidance for digital banking platforms, cloud solutions, third-party integrations, and new technologies.
  • Evaluate and design security architecture across on-premise, cloud, and hybrid environments, and recommend improvements to strengthen the overall security posture.
  • Support AI governance and emerging technology risk assessments, including participation in enterprise AI evaluation and policy development.

Benefits

  • Exceptional service
  • Strengthening our community
  • People-first culture
  • Invest in our people
  • Empower leaders