Vice President - Information Security Risk

About The Position

Requirements

• Bachelor's Degree (Information Systems, Cybersecurity, Computer Science, Business preferred)
• Minimum 5 years of information technology, cybersecurity, governance, risk management or other related work experience OR 10 years years of related work experience in leu of degree (within financial institutions or other regulated industry is a plus)
• Minimum 5 years of management experience
• Comprehensive knowledge and experience in applying IT and Information Security standards and governance frameworks(NIST CSF,CIS Controls, etc.)
• Knowledge and experience in applying risk management practices, including risk identification, risk analysis, risk measurement, control development and testing
• Proficient oral and written communication and presentation skills, specifically for briefings to upper management and executive committees with both technical and non-technical backgrounds
• Strong leadership, staff management, and project management skills
• Strong organizational and time management skills
• Strong relationship building and problem solving skills
• Sound judgment and critical thinking skills, ability to think strategically considering impact to credit union operations and safety and soundness

Nice To Haves

• Information security, risk or audit related designation or certification, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other equivalent

Responsibilities

• Develop and establish a second line of defense information technology/security risk framework and oversight program to oversee information technology/security activities across the enterprise
• Develop, establish, and enforce information technology/security risk standards; measure and report on adherence to defined standards
• Perform oversight activities such as risk reviews, risk assessments, control monitoring, and validation testing to identify information technology/security risks or non-compliance with policies, program procedures and standards, applicable laws, rules or regulations
• Engage with key stakeholders to develop proactive risk mitigation strategies for areas of non-compliance or increased risk; review and validate mitigation plans to ensure identified risk is mitigated to an acceptable level
• Develop and maintain key metrics to monitor and oversee information technology/security risks in accordance with the Credit Union's Risk Appetite; report results to management, senior leadership, and applicable risk or Board-level committees
• Collaborate with the Enterprise Risk Management (ERM) function to ensure integration and reporting of information technology/security risks within the ERM program
• Monitor industry trends and emerging risks to inform or recommend enhancements to the information security program accordingly
• Collaborate with senior management and business units to establish a culture of information security by actively promoting security awareness and shared responsibility
• Actively seek regular discussions with key stakeholders to provide risk guidance, consultation, and credible challenge for implementations or changes in information technology/ security activities
• Serve as liaison and support during internal/external audits or regulatory examinations of the information security program
• Consistently model conflict resolution, tact, and negotiation skills through appropriate persuasion and genuine empathy throughout all interactions
• Coach and train direct reports in information technology/security risk identification, risk analysis, risk measurement, control development & testing; also provide mentoring and professional development opportunities to direct reports
• All other duties as assigned (Note: essential functions and responsibilities may change, or new ones may be assigned at any time with or without notice)