empty

Information Security Manager

OneAZ Credit Union

Job Description

Posted on: 
November 24, 2024

Summary and company overview

Summary

The Information Security Manager is responsible for implementing, maintaining and enhancing the organization's information security strategy and program. This role will be responsible for overseeing the day-to-day security operations, ensuring compliance with regulatory requirements, and protecting the credit union's information assets. The Information Security Manager will work closely with the CISO and cross-functional teams to assess, manage, and mitigate security risks.

Company Overview

Our culture is one-of-a-kind! You’ll be joining a team of friendly, hardworking, helpful associates with the same mission guiding all that we do: We exist to improve the lives of our members, our associates and the communities we serve. We are proud to be an equal opportunity employer and value diversity. We offer robust benefits including low-cost medical, dental, and vision plans, gym reimbursement, paid parental leave, generous personal days and vacation time, and an award-winning 401(k) program among many others.

Responsibilities

  • Carry out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsible for interviewing, hiring, and training associates; planning, assigning, and directing work; managing performance; rewarding and coaching associates; addressing complaints and resolving problems.
  • Conduct regular risk assessments and vulnerability analyses to identify potential threats to information assets. Develop and implement risk mitigation strategies.
  • Lead the incident response team in managing and mitigating security incidents. Develop and maintain incident response plans and conduct post-incident reviews.
  • Manage and mentor information security team, fostering a culture of security awareness and continuous improvement.
  • Develop and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture.
  • Work closely with IT and compliance teams to ensure the integration of security measures into all business processes and technology solutions.
  • Establish and maintain security monitoring tools and processes. Prepare regular reports for executive management on security metrics, incidents, and compliance status.
  • Establish, update, and enforce information security policies and procedures to comply with industry regulations such as GLBA, PCI-DSS, and other relevant standards.
  • Manage security policies and standards organization-wide to ensure the protection of corporate data against unauthorized use, access, modification, disclosure and deliberate or inadvertent destruction.
  • Assist in audits and regulatory examinations, providing documentation and security evidence as required.
  • Review penetration testing and security results for external and internal auditors. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
  • Assist the VP CISO in coordinating and managing the integration of information security objectives with organizational projects and goals.
  • Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels.
  • Monitor network for security violations. Respond to incidents of intrusion and penetration immediately. Investigate security breaches, including full documentation of events and effective retention of evidence.
  • Works closely with the Vendor Management team in all aspects of Information Security vendor assessments, System and Organization Controls (SOC) reviews, and escalating issues associated with vendors, as needed.

Job Requirements

Required Qualifications

  • High School Diploma Required
  • Bachelor's Degree in Information Security, Computer Science, or a related field required.
  • 5 to 8 years of similar or related experience in Information Security field Required
  • 3 to 5 years of experience leading a security operations team. Required

Preferred Qualifications

  • Master's Degree in Information Security, Computer Science, or a related field preferred.
  • 3 to 5 years of similar or related experience in the financial services industry, specifically with credit unions or banking institutions. Preferred
  • Certified Information Systems Security Professional (CISSP) Preferred
  • Certified Information Security Manager (CISM) Preferred
  • Comptia Security+ Preferred
  • Proficient in security technologies such as firewalls, intrusion detection/prevention systems, and encryption methods.
  • Familiarity with cloud security and network security protocols is essential.
  • In-depth understanding of financial regulations and security frameworks (e.g., GLBA, PCI-DSS, NIST)
  • Exceptional verbal and written communication skills, with the ability to explain complex security concepts to diverse audiences.
  • Strong analytical and problem-solving abilities, with a focus on detail and accuracy.

Additional commentary

This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.

Additional Notes: Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). Any individual who meets the definition of a mortgage loan originator and is employed by a federal agency-regulated institution will need to be registered on NMLS.

Summary and company overview

Summary

The Information Security Manager is responsible for implementing, maintaining and enhancing the organization's information security strategy and program. This role will be responsible for overseeing the day-to-day security operations, ensuring compliance with regulatory requirements, and protecting the credit union's information assets. The Information Security Manager will work closely with the CISO and cross-functional teams to assess, manage, and mitigate security risks.

Company Overview

Our culture is one-of-a-kind! You’ll be joining a team of friendly, hardworking, helpful associates with the same mission guiding all that we do: We exist to improve the lives of our members, our associates and the communities we serve. We are proud to be an equal opportunity employer and value diversity. We offer robust benefits including low-cost medical, dental, and vision plans, gym reimbursement, paid parental leave, generous personal days and vacation time, and an award-winning 401(k) program among many others.

Apply now