VP OF CYBERSECURITY
$95,000 – $110,000
Role: In charge of all aspects of Information Security for the bank branches. This role will be responsible for the information security program, including policy, technical enforcement, and the ongoing monitoring and analysis required to maintain a digitally secure environment. This will be a technical, hands-on leadership position that may be required to validate information security policies and practices independently.
Essential Functions & Responsibilities:
- Oversees the management of all cybersecurity projects to strengthen our cybersecurity posture.
- Provides plans and guidelines to improve the maturity level of our information security program.
- Promotes and facilitates activities and behavior to heighten information security awareness across the organization as a whole.
- Works with CIO in order to ensure Information Security is a key element in all future infrastructure and strategic projects.
- Assists in the improvement and oversight of the Information Security Policy and Incident Response procedures ensuring the follow of industry best practices and standard enterprise frameworks.
- Oversees the maintenance of our security awareness training program and email phishing assessments.
- Establishes and maintains the cybersecurity risk management program, which should evaluate online, mobile, and IT related risk matrices that include mitigation and inherent risk values.
- Evaluates new and existing third party vendor relationships for secure transmission and holding of data.
- Ensures the bank is transmitting data in a secure manner and identifies ways to make this process easier to promote adoption with internal staff.
- Analyzes Data Loss Prevention systems and monitors their effectiveness.
- Catalogs and reviews the SOC reports for our third party vendors to evaluate the risk to information security and recommends actions when needed.
- Reports status of all areas of responsibility using metrics and quantitative analysis.
- Acts as the main point of contact for Information Security portions of examinations from NCUA, ACUA, and any third party audits.
- Provides reporting to CIO on the findings and responses to pen testing and vulnerability findings and GLBA assessments.
- Creates and maintains secure data flow diagrams to demonstrate the institution’s effectiveness.
- Serves as an internal information security consultant to the organization, monitors advancements in information security technologies and notifies staff of any information that is relevant to the organization.
- Oversees and evaluates the effectiveness of all third party information security vendors and their products.
- Coordinates with networks infrastructure team to ensure servers and applications are appropriately patched.
- Attends conferences and training sessions to maintain a current level of proficiency required for professional growth.
- Monitors changes in legislation that may impact information security and the institution’s maturity level in relation to peers.
- Maintains awareness of any information security incidents globally that may impact our cloud services.
- Ensures our cloud services are secured and monitored in the event of an attack.
- Collaborates with all internal department heads to identify gaps in information security and how to increase our posture in those instances.
- Oversees and assists in the analysis of endpoint protection systems and reporting to ensure we are properly addressing and responding to false positives and false negatives.
- Advises in all tabletop and disaster recovery scenarios from the perspective of continuing to focus on information security in the face of a crisis.
- Upholds core values and builds team member and customer relationships.
- Completes all training required.
- Performs all other duties as assigned.
Knowledge and Skills: 8 – 10 years of similar or related experience.
Education: A bachelor’s degree, or achievement of formal certifications recognized in the industry as equivalent to a bachelor’s degree (e.g. information technology certifications in lieu of a degree).
Interpersonal Skills: Work involves extensive personal contact with others and is of a personal or sensitive nature. Motivating, influencing, and/or training others is key at this level. Outside contacts become important and fostering sound relationships with other entities (companies and/or individuals) becomes necessary and often requires the ability to influence and/or sell ideas or services to others.
PLEASE APPLY TODAY!