Information Systems Security Officer
We are seeking an Information Security and Compliance Manager to oversee and recommend acceptable risk levels for the credit union, ensuring the integrity, confidentiality, and availability of information. This includes on-premises solutions, modules, and systems.
Responsibilities:
Serve as the process owner for information assurance, ensuring compliance with regulatory requirements and security policies.
Collaborate with leadership to ensure consistent application of cyber and information security policies.
Report to the Executive Team and Board of Directors on the Information Security Program and audits.
Monitor data, access controls, and user profiles, and design reports to identify security issues or intrusions.
Ensure disaster recovery and business continuity processes are tested and updated regularly.
Work with IT to conduct risk reviews and implement mitigation strategies.
Recommend tools to enhance security posture and provide security training during onboarding.
Conduct quarterly vulnerability assessments and review vendor security documentation.
Collaborate with IT, Security, and Compliance to ensure robust security protocols.
Actively engage in strategic corporate discussions.
Threat Management:
Monitor security devices and services to mitigate identified threats.
Maintain situational awareness of systems and vendor ecosystems.
Collect, analyze, and correlate security-related data to ensure daily monitoring activities are documented.
Risk Assessments:
Conduct IT risk assessments for key systems and processes.
Manage and update the Information Security Risk Assessment Framework based on IT General Controls (ITGC) and security standards.
Present findings and recommendations to leadership.
Policy and Procedure:
Develop and maintain information security policies, procedures, and guidelines, including disaster recovery and compliance reporting.
Compliance and Enforcement:
Ensure compliance with security policies, privacy regulations, and information security laws.
Investigate security misuse and unresolved exposures.
Review and update security policies and procedures annually.
Project and Risk Governance:
Chair the Information Security Committee and contribute to Vendor and Risk Management Committees.
Assess third-party data security risks and assist with regulatory compliance.
External Audits:
Participate in audit preparations and respond to regulatory examination questions.
Maintain documentation of issues and remediation plans.
Access Control, Cisco Technologies, Firewall Technologies, IDS, IPS, Active Directory, Auditing, Authentication, Computer Hardware, Configuration Management, Financial Services, CISSP