Manager Information Security

About The Position

Requirements

• Specialized or Technical Knowledge and Skills: The Manager Information Security is a data security professional skilled at managing IT security activities in a complex, multi-system/multi-vendor computing environment. A strong, practical working knowledge of information security concepts and technical architecture are necessary along with an ability to take technical concepts and translate them into business impact.
• A bachelor's degree is required, preferably in Information Technology or Computer Science.
• A minimum of three years of experience in the information security field.
• A Certified Information System Security Professional (CISSP) certification is required
• Demonstrated experience in managing and working with third party vendors.
• Demonstrated ability to research and implement innovative solutions that have improved security, operational efficiency, quality, and service levels.
• In-depth understanding of the financial services or highly regulated business, and the applications systems and technical infrastructures needed to support them.

Nice To Haves

• additional certifications such as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) are preferred.

Responsibilities

• Develops, maintains, and reviews appropriate information security policies and procedures needed to maintain the integrity of the information security program.
• Conducts threat focused business impact analysis to maintain an inventory of business impacting cyber threats.
• Organizes and conducts cybersecurity simulation exercises.
• Acts as the IT Security, Business Continuity, and Vendor Management central point of contact for the annual NCUA exam and IT Controls Audit.
• Ensures proper policies, procedures, risk mitigation activities, and operation controls are followed. Reports gaps in policies, procedures, and operating controls to leadership to ensure member impact and risk is mitigated.
• Responsible for performing information security risk assessments on a scheduled basis that focus on ensuring policies and procedures are consistently applied.
• Attends/makes presentations to the WEOKIE Board of Directors and various Board Committees as assigned.
• Assist with development of company wide information security training materials for computer-based training modules and build company wide information security awareness materials.
• Support technology/systems that enable all vendor management activities by administering the Tandem platform.
• Responsible for vendor risk assessment and execution of other vendor management activities as needed. This includes administration, processing risk acceptance documentation, and maintaining the schedule of vendor management activities.
• Maintain, develop, update, and test WEOKIE's Business Continuity Plan.
• Write reports to summarize testing activities, including results and recommendations.
• Act as Business Continuity Coordinator in the event of an incident, to ensure that WEOKIE's Business Continuity Plan is implemented.