Director Information Security

Description

This position establishes and administers the overall strategies and procedures for the information security function. Develops and implements governance, risk, and compliance (GRC), through Identity & Access Management, 3rd party risk management, business continuity, data management and loss prevention, analytics, and security awareness training. This position evaluates enterprise-wide risk and is responsible for overseeing and reporting on the management and mitigation of information security risks across Blaze CU. Creates functional strategies and specific objectives under GRC and develops budgets, policies and procedures to support the Blaze enterprise-wide information and cybersecurity.

This position is responsible for leading Blaze's Information Security Steering Committee (ISSC) and IT Governance Committee (ITG) in the delivery and ongoing maintenance of a comprehensive information security program in order to protect the confidentiality, integrity and availability of all organizational information assets using administrative, physical and technical controls. The role requires a proactive approach to security and the ability to work with several departments to support information security measures.

Major Duties and Responsibilities

• Align the risk treatment to the stated risk appetite.
• Maintain sufficient authority, stature within the organization, knowledge, background, training and independence to perform assigned tasks.
• Maintain independence from the IT operations staff.
• Manage state of information security reporting.
• Leads a team of Information Security professionals, ensuring the highest security standards throughout Blaze Credit Union.
• Establish and implement the information security governance structure and strategies, priorities, and directives consistent with the vision and in alignment with Blaze Security Risk Strategy.
• Lead the enhancement, management and enforcement of information security directives.
• Ensure the access control, disaster recovery, business continuity, incident response and information risk management needs of the organization are properly addressed.
• Assure capabilities of information security devices are fully implemented and reviewed.
• Lead incident response efforts to contain, investigate and prevent future information security events.
• Coordinate Business Impact Analysis updates and Business Continuity Management testing.
• Manage information security related policies and supporting documents. Assure diagrams and charts are developed and updated.
• Work with HR, Learning & Development, Facilities, IT, Legal, and Enterprise Risk Management to update policies, employee handbook and acceptable use documents.
• Perform or manage ongoing risk assessments and other information security assessments to ensure that information resources are adequately protected and meet regulatory requirements.
• Participate in and coordinate all efforts with regulators and independent auditors.
• Perform information security reviews to assure practice aligns with policy and procedure. Coordinate and manage remediation efforts for information security assessments.
• Lead information security education efforts. Develop awareness and training initiatives to educate the workforce and members/customers about information security issues. Conduct new hire information security classes and ongoing education for executives.
• Vice-Chair of the Information Security Steering Committee.
• Lead third-party risk management efforts to ensure adequate performance and security practices are in place. Work with vendors, outside consultants and other third parties to improve information security within the organization. Participate in third-party reviews and assessments.
• Oversee Blaze's security strategy, policies and controls to protect the data and all systems from threats.
• Ensure the ongoing integration of information security with business strategies and requirements.
• Participate in the Enterprise Risk Committee, IT Change Committee and all IT Committees.
• Contribute to strategic planning processes as required.
• Act as information security subject matter expert to Blaze CU, members and peers.
• Subscribe to threat notification networks, new regulations and information sharing networks to stay current on requirements and new threats to the industry.
• Attend continuing information security and fraud education appropriate to the position Attend company sponsored information security training/education classes including the following areas - BSA, AML, OFAC, privacy, guarding customer information.

Other Duties

• Comply with applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control
• Exhibit Blaze's Core Value's: Better Lives, Thoughtfully Compassionate, Minnesota's Best, and Give Back
• Regular and predictable attendance
• Perform other duties as assigned to support effective department operation

Requirements

Experience/Education/Certifications/Licenses

• Minimum 8+ years' experience progressive roles in information security, risk management, and business continuity with 6+ in management, preferably in the financial industry.
• Bachelor's degree in business, computer science or a related field preferred
• CISSP/CISM/CISA preferred
• Advanced knowledge of federal, and state cyber-security (ISO, NIST, NCUA etc.) policies preferred.

Demonstrated Knowledge

• Strong knowledge of the development and administration of an information security program
• Experience in the policy and regulatory environment of information security in the banking industry
• Working knowledge of:
• Latest security and privacy legislation, regulations, advisories and vulnerabilities
• Business continuity management
• Third-party risk management
• Advanced Microsoft Office skills; aptitude in various software application and basic understanding of LAN/WAN, Internet, electronic communication systems, telecommunications, information security technologies (e.g., firewalls, VPNs, penetration testing, security devices);familiarity with ISO 27001 framework
• Ability to:
• Weigh business risk and enforce appropriate security measures
• Prioritize and manage several projects at once and meet deadlines on projects assigned
• Work professionally and courteously with fellow staff members

Communication Skills

Ability to lead and/or be the subject matter expert for member/staff processes; exert regional influence or corporate knowledge sharing

Physical Requirements

Ability to sit and stand; answer calls; operate computer; interact with internal staff and public on the phone; travel to designated offices; lift up to 20 lbs.

Diversity creates a healthier atmosphere, and we encourage diverse applicant depth and breadth. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

We are committed to providing salary ranges for all open positions. Please note that the specific compensation for this role will be determined based on your experience, qualifications, location, and internal equity considerations.

The salary range for this position is: $126,495-$189,743. This range reflects the base salary for this position. We have other benefits associated with this position which include: low-cost medical (as low as $20 a paycheck), dental insurance, vision insurance, quarterly bonuses, generous vacation and sick time hours, paid leave options, up to 6% 401k contribution, and tuition reimbursement.