Director of Information Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Management Information Systems or closely related subject required.
• Documentable knowledge of Cyber Incident Response, IDS/IPS, SIEM, PAM, Patch Management, Vulnerability and Risk Management, Data Classification Management and Threat Detection and Management.
• Five (5) years of experience as a Cybersecurity Manager, Information Security Manager, CISO, or similar role
• Ability to communicate effectively with technical and non-technical Stakeholders, including senior management.
• Very strong analytical & problem-solving skills,
• Strong written and oral communication skills with an understanding that group presentations on created work is required for knowledge transfer, incident and problem management systems & procedures.
• Ability to drive consistent and repeatable results.
• Self-starter, dependable partner, as well as team player.
• Successful candidates must pass pre-employment credit checks, background checks, and drug screens.

Nice To Haves

• Advanced degree preferred.
• Security+, CEH, CySA+, CISM, CISA, CISSP certification preferred.

Responsibilities

• Analyze information databases and applications for potential security risks.
• Monitor security system to identify new threats or needs for updates.
• Develop or enhance training for employees in security awareness and new procedures.
• Provide updates to the NCUA for regulatory compliance including notifications on any security incidents.
• Provide updates to the Board of Directors and executive leadership on any security incidents as directed by the CIO or stated in Orion policies and procedures.
• Work with CIO and technology leadership to develop new or enhance current security procedures to reduce or eliminate potential threats.
• Work with CIO and technology leadership to oversee implementation of new policies and procedures.
• Work with the Director of IT – Networking & Operations to improve the efficiency, effectiveness, reliability, and security of the on-premises and cloud computing infrastructure of Orion systems.
• Work with organization leaders on updates to business continuity planning and regular testing of continuity plans.
• Lead in performing regular audits with third parties, including audit firms as well as regulatory agencies.
• Work with Facilities team to implement new or enhanced physical security systems and procedures related to information security and protection of Orion technology assets.
• Responsible for the configuration of tools including but not limited to: Virus Software, password protections software, vulnerability management software, activity log management, honeypots and privilege access management.
• Conduct SOC 2 review of third-party IT security controls.
• Work with Third Party Security Operations Center for reporting, trends and incident response.
• Responsible for reporting which evaluates detection, firewall, and traffic log data to identify activities including but not limited to: policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.
• Conduct network forensics as required as a result of any cyber breach.
• Champion all IT security best practices in all layers.
• Analyze daily incident reporting trends from IDS/IPS and SIEM logs.
• Research trends, news and threats in cyber space and recommend best practices to secure credit union data.
• Conduct ongoing tests of all company networks to determine weaknesses.
• Facilitate ongoing phishing testing and training of staff.
• Work with Microsoft Engineer on AD security hardening.
• Drive and facilitate Cyber Incident Response Policy including contingency plans.
• Drive and facilitate Data Classification Policy.
• Facilitate penetration testing, risk assessments, vulnerability and threat assessments of networks and systems. Ensure timely remediation and tracking of all findings.