Director of Cybersecurity
Our client is looking for a talented and experienced security professional to be a part of their technology team. This AVP, Director of Cybersecurity reports directly to the CIO and is both strategic and hands-on. This key position is responsible for administering the organization’s IT Information Security Program.
This person will:
- Work with the Risk Management Officer to develop and manage IT security policies, procedures, controls, tools, and strategies that support the functional and security requirements of the systems the business units rely on to meet the organization’s business goals and objectives.
- Manage and oversee the risk assessment of IT systems and processes, and monitor compliance with all information security regulatory requirements.
- Provide consultation and risk analysis for the technical aspects of new and existing IT applications and infrastructure to ensure that adequate levels of security are deployed and consistently maintained.
- Apply leading-edge security concepts to provide a comprehensive data security plan identifying and addressing security risks and implementing practical information security standards, procedures, and controls.
Risk Assessment, Risk Management & Compliance
• Directly manage and oversee the risk assessment process.
• Ensure compliance with all information security regulatory requirements.
• Assess risks, threats, and vulnerabilities associated with the architecture and design of new and current applications, O/S, and complex network infrastructure, including information at rest and in transit. Ensure adequate levels of security are deployed, and any identified risks are mitigated.
• Ensure effective prevention, detection, investigation, and response to security threats and attacks.
• Ensure systems and organizational databases are protected from unauthorized access and use.
• Recommend tools that prevent, detect, and respond to information security incidents.
• Oversee incident response planning as well as the investigation of security breaches. Review reports generated by the security tools in place and identify/anticipate issues that require further research or warrant other action.
• Develop and document strategies to mitigate network and data attacks and breaches.
Monitoring, Consultation & Testing
• Continually monitor the security program to ensure that the confidentiality, integrity, and availability of electronic information and systems are maintained and that business activities can continue.
• Perform security testing and vulnerability analysis of new and existing systems, working with the responsible teams to mitigate vulnerabilities.
• Evaluate the security impact of proposed new or changed technologies and of changes to the credit union’s architecture, and document configuration and deployment standards and guidelines.
• Review server share and directory permissions, including, where needed, group and individual permissions.
• Integrate network design and security initiatives, including network enhancements, encryption, firewall, VPN, and DMZ infrastructure.
• Participate in business contingency planning & testing.
• Identify security solutions and tools, and monitor security trends in the financial industry. Maintain knowledge of information security tools, techniques, and technologies.
• Perform firewall audits and rule reviews.
• Perform other tests that may be necessary to assess the risks, threats, and vulnerabilities to information security.
• Work with vendors to obtain results of their Application Security Assessments and SAS 70 Audit reports.
Project Management, Coordination & Training
• Serve as point of contact for outside audit and examination entities, consultants, and information security vendors regarding all information security matters. Facilitate internal IT security-related audits, evaluate recommendations, and incorporate adopted recommendations into the existing catalog of security practices.
• Lead security projects relating to internal audits and third-party reviews of internal systems to ensure the timely correction of findings and technical objectives. Schedule and coordinate all third-party assessments.
• Lead project life cycle for security software, system implementations, and upgrades to maximize investment benefits.
• Liaise with vendors and evaluate their products/services in line with the credit union’s requirements, contrasting them with competitors’ offerings.
• Assist Learning & Development with implementing and tracking electronic information security awareness training for all company personnel at least annually, including new or realigned employees.
Administration of Information Security Policies & Procedures
• Provide vision and leadership for developing and supporting security initiatives.
• Directly manage and oversee the development of policies, standards, procedures, testing, and security reporting processes.
Experience and Education:
- Five years to eight years of similar or related experience.
- Bachelor’s degree and a professional certificate or a graduate degree, CISM or CISSP preferred.
- Financial service industry applications and networking experience are strongly preferred.
- Knowledge of FFIEC and NCUA audits.
- Knowledge of information security, risk management, NIST, and ISO frameworks.
- Vendor management experience preferred.
- Knowledge of GLBA regulations preferred.
- Extensive knowledge of Microsoft Office Suite and Active Directory.
- Exceptional electronic spreadsheet construction skills, specifically Microsoft Excel.
- Strong analytical skills to evaluate costs and benefits and solve complex problems.
- Ability to prioritize and use sound judgment in decision-making.