VP, Cybersecurity

About The Position

Requirements

• Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Computer Information Systems, Security Management, or a related field of study.
• 10+ years of cybersecurity, cyber operations, technology risk, business continuity, disaster recovery, or operational resilience experience, including senior leadership responsibility.
• 3+ years' leadership across multiple cyber operations and resilience functions, including SOC, incident response, disaster recovery, application security, vulnerability management, business continuity, or cyber resilience.
• Strong communication skills (written, verbal, and listening) with specific ability to translate detailed technical threat and vulnerabilities to business risk.
• Proven leadership experience and the ability to interface with all levels of the organization (executive to entry level).
• Deep knowledge of SOC, SIEM, EDR, threat intelligence, vulnerability management, and cyber defense operations.
• Understanding of Secure SDLC, application security, and DevSecOps.
• Expert knowledge of regulations and best practices for technical security deployments in a financial industry setting.
• Strong grasp of project management concepts and their practical application as it relates to information technology and security projects.
• Expertise in incident response and forensic processes, specifically in mission-critical and high-pressure environments.
• Excellent problem-solving and analytical skills.
• Proficiency with Word, Excel, PowerPoint, Microsoft Project, and Visio.
• Certified Information Security Systems Security Professional (CISSP)
• Driver's License with an acceptable driving record.

Nice To Haves

• Experience leading business continuity, disaster recovery, cyber recovery, or operational resilience programs in complex environments preferred.
• Experience supporting audit, exam, regulatory, and risk management activities in a financial institution or similarly regulated environment preferred.
• Experience managing vendors, budgets, security platforms, recovery platforms, and cross-functional enterprise programs preferred.

Responsibilities

• Lead and mature the enterprise Security Operations Center, including 24/7 threat monitoring, detection, triage, escalation, and response.
• Strategize, plan, and identify process improvements to support SOC Target Operating Model maturity and operational effectiveness.
• Oversee the Security Information and Event Management platform and related detection technologies.
• Integrate SIEM, EDR, threat intelligence, alerting, and response capabilities across enterprise environments.
• Establish and track key operational metrics, including MTTD, MTTR, alert fidelity, incident trends, and response effectiveness.
• Own the enterprise cyber incident response program, strategy and capability.
• Lead executive-level cyber crisis response across IT, Legal, Risk, Compliance, Communications, Operations, and senior leadership.
• Develop, maintain, and test cybersecurity playbooks and response procedures.
• Ensure incident response plans are integrated with business continuity, disaster recovery, crisis communications, and operational recovery procedures.
• Lead and own the enterprise Business Continuity and Disaster Recovery functions and strategy, ensuring the organization can maintain or restore critical business services during disruptive events.
• Establish and maintain a coordinated operating model across business continuity, technology disaster recovery, cyber recovery, crisis management, and operational resilience.
• Partner with business leaders to validate critical processes, recovery strategies, manual workarounds, communication plans, staffing models, and member-impact considerations.
• Provide executive reporting on continuity readiness, recovery capability, testing outcomes, residual risk, and enterprise resilience posture.
• Lead operational execution of application security practices in partnership with engineering, product, technology delivery, and enterprise security stakeholders.
• Oversee application vulnerability management and remediation accountability.
• Drive DevSecOps alignment, automation, and scalable security practices.
• Partner with application and platform owners to ensure critical applications have appropriate recovery plans, backup strategies, vulnerability remediation practices, and cyber resilience controls.
• Own the enterprise backup and cyber recovery strategy in partnership with technology, infrastructure, business continuity, and enterprise security stakeholders.
• Ensure backup architecture, retention, immutability, restoration procedures, and recovery capabilities support ransomware resilience and business recovery needs.
• Oversee periodic restoration testing and cyber recovery exercises for critical systems and data.
• Participate in the Architectural Review Board as the cyber operations, recovery, and resilience voice.
• Collaborate with technology, engineering, infrastructure, cloud, data, and business teams to ensure operational security and recovery considerations are embedded into enterprise technology decisions.
• Provide cyber operations and resilience guidance for major projects, integrations, platform modernization, vendor changes, and enterprise technology changes.
• Champion the adoption of Zero Trust, identity-first security, secure-by-design, and resilient-by-design principles in alignment with enterprise security policy and architecture direction.
• Ensure cybersecurity operations and resilience functions adhere to established enterprise security policies, standards, procedures, and control requirements.
• Partner with the SVP of Enterprise Security to operationalize security policy expectations within cyber operations, BC/DR, and recovery activities.
• Support control validation, evidence collection, and operational effectiveness reviews related to cyber operations and resilience functions.
• Serve as the primary cyber operations and resilience contact for audit and exam documentation, coordination, and tracking of cyber, BC/DR, and recovery-related findings.
• Participate in security control testing, security design reviews, risk assessments, business impact analysis reviews, and continuity/resilience assessments.
• Support the SVP of Enterprise Security in advancing enterprise priorities across Information Security, Data Governance, Artificial Intelligence governance, and Physical Security.
• Participate in and support Data Governance, Artificial Intelligence governance, and Physical Security strategy where cyber operations, monitoring, incident response, or resilience involvement is required.
• Support Artificial Intelligence governance through secure use monitoring, operational controls, policy adherence, incident readiness, and emerging risk awareness.
• Support Physical Security alignment where cyber risk, operational resilience, fraud prevention, member safety, facility disruption, or incident response overlap.
• Promote a strong culture of cyber awareness, operational security accountability, and resilience readiness across the organization.
• Staff Management and Development.

Benefits

• Generous 401(k) match
• 401k Discretionary Profit Sharing
• Health Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term and Long Term Disability
• Health Savings Account with company contribution
• Employee Assistance Program
• Paid Vacation, Sick, Floating Holidays and Volunteer Time Off
• Paid Holidays
• Tuition Reimbursement
• Paid Parental Leave