POSITION SUMMARY
The IT Manager of Information Security will be responsible for developing and implementing Security Policies, Risk Assessment and Management, and Incident Management, while overseeing and coordinating the Credit Union’s Information Technology Security, Data Privacy, Business Continuity, and IT Vendor Management Programs. Stays abreast of emerging threats, hot topics and best practices. Oversees Compliance and Auditing, risk and vendor management, and disaster recovery as they pertain to the MITFCU IT department.
PRIMARY DUTIES AND RESPONSIBILITIES
- Build and cultivate a security-focused culture through partnership and collaboration with the business and technology teams to deliver customer value and improve the security posture of the Credit Union.
- Develop and maintain a comprehensive Disaster Recovery plan.
- Embed threat modelling, solutions architecture, and secure code review into product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations.
- Proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk, and control gaps.
- Serve as a point of escalation and subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, cloud, and application security.
- Collaborate with team members and stakeholders on audits.
- Oversee and manage relationships with third-party vendors to ensure they meet the organization’s security standard.
- Incident Management and Response: Overseeing the response to security breaches or attacks and implementing procedures to minimize impact.
- Risk Assessment and Management: Identifying, evaluating, and mitigating risks to maintain the security posture of MITFCU.
- Developing and Implementing Security Policies: Crafting, updating, and ensuring compliance with policies to protect the organization’s computer infrastructure, network and data.
- Educate and train staff in security best practices and raise awareness about the latest threats.
- Work with the compliance department to ensure the Credit Union complies with regulatory requirements and conduct internal audits to assess security measures.
- Provide regular reports on the status of the security landscape to the VP, SVP and other senior management.
- Performs other duties as assigned.
SKILLS/QUALIFICATIONS
- Strong management, organizational, analytical, and problem-solving skills and ability to work effectively with all levels of management.
- Ability to effectively conduct presentations and training programs.
- Ability to handle multiple projects/priorities simultaneously with minimal oversight and an effective outcome.
- Ability to deal with highly confidential information.
- Excellent verbal, written, telephone and interpersonal communication skills including the ability to communicate technical information to non-technical personnel.
- PC proficient, including Microsoft Office (Word, Excel, Outlook, PowerPoint) and the Internet required. Previous experience with core banking and other ancillary financial systems is desirable.
- Excellent communication and interpersonal skills
- Excellent member and quality service skills; comfortable providing member service in a virtual environment
- Detail oriented and team focused
- Strong analytical skills
- Accurate typing skills and mathematical ability
- Good working knowledge of PCs and familiarity with Microsoft Office software
- Ability to build relationships and strong alliances across the organization
- Keeps current on changes in technology, electronic and alternative delivery methods
- Proficient verbal and written communication skills
EDUCATION/EXPERIENCE REQUIREMENTS
- Bachelor’s Degree required, preferably in a related field.
- Experience using Sophos, Nexpose Security Console, Patch Management, KnowBe4 and WolfPAC a plus.
- Minimum of 5 years IT experience with at least 4 years in an IT security role and at least 2 years working in a financial institution preferred.
- At least one professional certification such as CISA, CISM, CISSP, or CRISC is required.
Professional knowledge and experience in secure network architecture, systems and vendor risk assessment, systems monitoring and testing, vulnerability and threat assessment, risk and event remediation, identity and access management, business continuity and incident response oversight, testing, and governance.