The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.
Essential Responsibilities
Monitors essential processes to ensure compliance with policies, standards, practices and guidelines.
Assists with information security compliance with applicable laws and regulations, regulatory requirements and policies and procedures, including but not limited to NCUA-748, GLBA, FACTA, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act.
Capitalizes upon technical knowledge and executive presence in owning business relationships with executive and other leadership stakeholders in order to drive enhancements to the organization's security posture in line with broader strategic objectives.
Manage and execute the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
Supports the IS program and other stakeholders in the management and oversight of Payment Cardholder Information Data Security Standards (PCI-DSS) compliance program.
Support, in collaboration with IT department, the program for penetration testing, vulnerability assessments, social engineering testing, and other testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive member and company information.
Supports and/or manages Information Security risk management activities within the Risk Management division, including information security risk assessment, vendor reviews, life cycle management reviews, verification of asset inventories, third-party risk, and manages the remediation of identified gaps and issues.
Actively supports, in collaboration with IT and Training departments, the bank-wide/departmental information security training program.
Develop and support information and access management initiatives.
Builds and matures a culture focused on the proactive awareness and improvement of the security and risk environment.
May support and/or perform the evaluation of internal control maturity against best practices and frameworks like NIST-CSF, PCI-DSS, ISO-27000 series, and other applicable information security frameworks.
Support the development, implementation, monitoring, and maintenance of information security policies, procedures, standards, and guidelines.
Provides reporting and measurements of program effectiveness and provides analysis to senior management.
Support the management of and response to security incidents and events to protect corporate assets.
Monitor the external and internal threat environment for emerging threats, and advise relevant stakeholders on appropriate courses of action.
Coordinate the use of external resources involved in the information security program.
Conducts user access reviews and other monitoring aspects of identity and access management.
Manage miscellaneous documentation, requests processing, training, and other projects as assigned.
Participates in regular team meetings, one-on-one meetings, as well as other department-level meetings with vendors and key stakeholders as needed.
Supports, produces, and maintains tracking metrics and reporting on information security risks, topics, and other related activity.
Prepares, communicates, and delivers metrics-based information and presentations to both leadership and other areas of the organization as needed.
Maintains knowledge of industry trends, best practices, contemporary industry methodologies, and other related information.
Supports the strategic growth and operational evolution of the Department.
Ensures and promotes the highest level of integrity within the scope of department operations.
Consciously creates a workplace culture that is consistent with the overall organization's mission, vision, guiding principles, and values.
Supports and drives information security initiatives and projects throughout the organization.
Supports other Risk Management department programs and initiatives as needed.
Manages and supports creation of new processes that help the organization facilitate information security related task sets, review processes, and operational efficiency.
Is inquisitive and uses effective interviewing skills and discovery techniques to identify information security risks.
Will train/cross-train with other information security team members to eliminate single points of operational failure.
General Departmental and Administrative Duties (10% of time)
Supports the strategic agenda of Enterprise Risk Management initiatives.
Assists with the implementation and administration of risk management programs.
Prepares reporting, dashboards, and scorecards as necessary to communicate key performance indicators related to Enterprise Risk.
Tracks corrective action related to Enterprise Risk and other matters as assigned.
Assists with completion of a variety of risk assessments.
Assists with completion of a variety of third-party reviews.
Completes general administrative tasks such as time tracking and SAP entry.
Gives presentations regarding managed verticals or other relevant information.
Education Level: Bachelor's Degree (required) AND Post-Graduate Degree (preferred)
Years of Relevant Work Experience: 5 to 10 years
Certifications, Licenses, Registrations
• Certified Information Systems Security Professional (CISSP) - Preferred
• Certified Information Security Manager (CISM) - Preferred
• Certified Information Systems Auditor (CISA) - Preferred
• Similar Credential is desired (CompTIA, CEH, etc.) - Preferred
Other Training, Technical Skills, or Knowledge
• Financial Services - Strongly preferred
• Information Security/Cyber Security (5 – 10 years) - Required
• Degree in Computer Sciences, Business Administration or a technology-related field - Required
• Information Security program management experience - Required
• Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint - Required
• Leadership experience and executive presence - Preferred
• Must show evidence of strong communication skills - Required
• Strong propensity for action and ownership of role - Required
• Prior experience supporting an active and effective control environment - Required
• Must be proficient at writing, maintaining, and creating program documentation - Required
• Working knowledge of Enterprise Risk Management principles/frameworks - Preferred
Abilities and Behaviors:
In-depth knowledge of information security frameworks, standards and guidelines.
Must be able to manage multiple priorities effectively.
Excellent written and verbal communication skills.
Proven track record and experience in assessing information security policies and procedures.
Poise and ability to act calmly and competently in high-pressure situations.
Exhibit excellent analytical skills and the ability to work well in a demanding environment.
Ability to lead and motivate cross-functional teams.
High level of personal integrity and ability to handle confidential matters.
High degree of initiative, dependability and ability to work with little supervision.
Critical thinking skills and sound judgement.
Must possess effective writing skills and the ability to deliver presentations.
Excellent organizational skills and business acumen.
Mature demeanor with the ability to effectively self-manage.
Ability to focus on delivery and achievement of strategic priorities.
Performance Standards:
Meet SLAs relating to production standards & deadlines.
Ability to support Risk Management projects & initiatives.
Knowledge and understanding of relevant legal and regulatory requirements.
Support and abide by related regulations and guidelines.
Discretion / Latitude: Requires critical thinking skills, sound judgement.
Business / Work Environment: Hybrid role requiring ability to effectively work-from-home with regular/occasional in-person meetings.
The hiring range for this position is $140,00 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors.