Director of Information Security (remote opportunity)

Publix Employees Federal Credit Union (PEFCU) was established over 60 years ago to provide financial services with lifetime value to Publix Super Markets, Inc. employees and their families.

PEFCU Benefits/Perks:

• Medical, Dental and Vision insurance plans with one option at NO cost for employee only coverage!
• HUGE contributions toward dependent premiums!!
• Generous Paid Time Off program (approximately 5 weeks a year)
• 11 paid holidays per year
• 401(k) retirement plan and profit sharing
• Pay for performance incentive programs
• Time off for giving back to your community!
• Tuition reimbursement
• And much, much more!!!

We are committed to improvement, driven by feedback, and focused on organizational growth. We expect and demonstrate our values (Caring, Inclusive, Transparent, Innovative, and Accountable) every day, creating an environment where all associates can add value and feel valued.

Find your value here as the...

Director, Information Security

The Director of Information Security's role is to manage, maintain, evaluate and reduce risk to the credit union related to Information Security. Responsible for providing oversight and guidance to others within the organization on Information Security and the implementation of security controls related to various organizational programs, systems, or enclave environments. The Director of Information Security will be responsible for maintaining compliance with applicable security regulations and leading the information assurance program for various classified information systems. This can be a remote opportunity with visits to our corporate office in Lakeland, Florida as often as monthly, if needed.

What you will do…

• Contributes to strategic planning, direction, and goal setting for the department in collaboration with senior management.
• Establishes departmental policies, practices, and procedures that have a significant impact on the organization.
• Implements processes and methods for auditing and addressing non-compliance to Information Security standards. Facilitates migration of non-compliant environments to compliant environments.
• Conducts studies within and outside the organization to ensure compliance with standards and currency with industry security norms.
• Manages and participates in the planning and implementation of security administration for all IT projects.
• Responsible for evaluation and selection of security applications and systems.
• Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures.
• Responsible for identifying potential Information Security risks for existing and new projects.
• Responsible for managing and maintaining a sufficient vendor management program, including SOC and SSAE16 reviews.
• Recommends modifications to application development, database design, networking, or infrastructure architecture with the goal of complying with internal Information Security policies and standards.
• Monitors emerging products, technologies, or best practices that will improve security for the organization and its stakeholders. Assists senior leadership in the development of security policies, standards, and strategies.
• Performs or participates in security audits, identifies security gaps, and develops and implements risk mitigation solutions.
• Responsible for documenting, coordinating, and participating in the business continuity and recovery plan.
• Responsible for the credit union's incident response plan
• Manage and maintain Information Security policies and procedures.
• Responsible for vulnerability management, threat monitoring, Information Security risk assessment and compliance, physical security access control.
• Leads and directs the work of other employees and has responsibility for personnel actions including hiring, performance management, and termination.
• Assumes other duties and responsibilities as assigned by management.

What you need…

• Advanced technical expertise on vulnerability management, threat monitoring, Information Security risk assessments and compliance, physical security access control.

• Advanced technical expertise in analyzing end-to-end risk management life cycle, threat event data, evaluating malicious activity, documenting unusual files and data, and identifying tactics, techniques and procedures used by attackers.

• Advanced technical expertise in security engineering systems and network security, wireless security, web application security, authentication and security protocols, cryptography and application security.

• Advanced knowledge in using common technology controls industry best practice and regulatory frameworks (e.g., NIST, ISO, COBIT, FFIEC handbooks, etc.)

• Demonstrated problem-solving and analytical skills.Expert understanding of security systems including firewalls, encryption, and password protection and authentication.

• Hands-on experience securing virtualized, and cloud hosted environments.

• Experience with computer network penetration testing and techniques

• Hands-on experience configuring and deploying security within cloud technologies, firewalls, security tools, networks, and physical/virtualized data center equipment

• Knowledge of governance, risk and controls with respect to technology governance, risk and compliance and/or technology strategy, technology investment, and portfolio and program management
• Ability to collaborate with high-performing teams and individuals throughout the firm to influence outcomes and accomplish common goals.
• 7-10 years of related experience
• 4 years of leadership experience in Information Security (required)
• 3-5 years in financial services industry (banking, credit union, etc)
• Bachelor's degree in computer science, Information Security, management of Information systems, business administration or related degrees.
• Master's degree in computer science, Information Security, management of Information systems, business administration or related degrees. (preferred)
• One or more of the following s required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC)

What’s in it for you…

• Competitive pay
• Pay for performance incentive program
• Medical, Dental and Vision insurance plans with one option at NO cost for employee only coverage!
• Stellar benefits/perks
• Work/life balance

Apply now!