Role:
Responsible for managing the corporate information security program to ensure the confidentiality, integrity, and availability of credit union data assets. The program will include policies, standards, and guidelines to cost-effectively manage the risk to the business arising from the utilization and implementation of information technology infrastructure and applications. Lead integration of security within technical architecture and organizational initiatives. Lead and manage the information security department, providing guidance, training, and support to the security department while fostering collaboration with other internal departments and/or external auditors and regulators as needed.

Major Duties and Responsibilities:
Manage security policies and standards organization-wide to ensure the protection of corporate data against unauthorized use, access, modification, disclosure and deliberate or inadvertent destruction.
Manage security criteria/standards for evaluating existing and proposed applications, providing an assessment of vulnerability and risk. Provide continual reassessment of the security posture of the credit union. Provide consultation support for all departments that have identified security concerns and/or vulnerabilities. Manage appropriate plans to mitigate potential security weaknesses.
Manages annual IT audit work, including annual plan development, audit fieldwork, writing of issue reports, and partnership with colleagues in Internal Audit to perform IT testing during projects (i.e. Integrated Auditing).
Manages the creation and collection of documentation from IT and business departments in preparation for NCUA, DFI and external audit annual exams.
Manages Credit Union corporate BCP/DR plan.
Collaborates with IT management to review and work with appropriate personnel to perform annual tests of BCP/DR and IRP plans.
Continually conduct and manage data security forensic analysis and risk assessment to evaluate the entire infrastructure for breach vulnerability. Publish and manage network security guidelines for implementing firewalls, router filters, and related web server security tools and barriers.
Review penetration testing and security results for external and internal auditors. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
Monitor the network for security violations. Respond to incidents of intrusion and penetration immediately. Investigate security breaches, including full documentation of events and effective retention of evidence. Work with law enforcement authorities as appropriate.
Identify regulatory changes that will affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels.
Assist the VP/CIO in coordinating and managing the integration of information security objectives with organizational projects and goals.
Educate staff and members, as directed and appropriate, on information security relating to vulnerabilities, viruses, fraud scams, and tools available for personal as well as system/network protection.
Assist the VP/CIO in managing system plans for disaster recovery and use of related software from a security perspective.
Recommend, implement, and oversee ongoing administration of an effective change management process to realize high uptime performance of all critical systems, with minimal degraded system effect and high quality of change.
Oversee compliance with information security internal policies and procedures and regulatory requirements. Work with outside consultants/agencies, as appropriate, for independent security audits.