VP/Information Security Officer

Reporting to the SVP/Administration & Risk, the Information Security Officer (ISO) will be responsible for information security strategy, program, activities, and risk mitigation in supporting the Credit Union's strategic plan.

Responsibilities

With oversight of third-party vendor information security management, this role administers related policies, procedures, and software. In collaboration with the Information Technology team and business areas across the Credit Union, the ISO also supports data governance, records retention, business continuity, and vendor management. Key responsibilities include:

• In collaboration with Information Technology and Credit Union management, develop and deploy the enterprise-wide information security framework, strategy, and program consistent with regulatory standards and industry best practices;
• Conduct information security risk/vulnerability assessments and oversee security penetration testing;
• Oversee the management of security incidents and breaches, including response planning, investigation, and reporting;
• Collaborate with stakeholders on oversight and reviews of user security, data loss protection, trends, environmental scans, and related mitigation;
• Oversee and facilitate coordination of information security training for employees and board of directors, including exercises in awareness, phishing, social engineering, smishing, etc.;
• Conduct independent evaluation and monitoring of Information Technology's internal controls, reporting, processes, and procedures;
• Manage programs, plans, and metrics for cybersecurity incident response and business continuity;
• Oversight of vendor management processes and system, including vendor selection process, risk ratings, onboarding, subscriptions, and renewals;
• In collaboration with the Risk team, oversee and evaluate vendor risk assessments, due diligence, security reviews, and related activities;
• Review vendors' system and organization controls (SOC) reports;
• Develop and deploy vendor risk management training for Credit Union management and board of directors;
• Serve as a principal contact and information reporting resource for auditors, regulatory examiners, and related parties:
• May supervise 1-3 direct reports.
• Other duties as assigned
  
  

Requirements

A complete job description is available upon request

• Bachelor's degree in computer science, engineering, information systems, business, or a related field.
• 5-7 years' experience developing and overseeing information security and/or risk management at a financial institution.
• Security or related certification required, for example, Certified Information Security Analyst (CISA), Certified Information Security Manager (CSIM), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CSSP).
• Project management certification preferred.
• Management experience strongly preferred.
• Or an equivalent combination of education and experience sufficient to perform the essential functions of the job
• Intermediate proficiency with related software, such as for information security management, enterprise risk management, vendor management, and/or compliance.
• Intermediate technical/computer skills, particularly with Microsoft Suite.
• Advanced communication skills.
  
  

This position is designated for direct applicants only; recruitment agencies or third-party recruiters are requested not to engage.

Rockland Federal Credit Union is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Job Posted by ApplicantPro