AVP, Information Security Officer Job Listing at Travis Credit Union in Vacaville, CA (Job ID oD9ZufwZ)

Description

Summary: Travis Credit Union's (TCU) AVP, Information Security Officer (ISO) is responsible for ensuring TCU maintains an effective information security program to ensure the confidentiality, integrity, and availability of information assets. The ISO will work closely with other departments to identify security risks, ensure implementation of policies and procedures, and compliance with relevant regulations and standards.    This role understands the latest trends in information security and is prepared to advocate for the newest, most reliable, and cost-effective technology to protect TCU's systems, data, and networks.   Profile: 

• Develops and maintains comprehensive information security policies, standards, and guidelines.
• Ensures policies are aligned with industry best practices and regulatory requirements.
• Conducts regular risk assessments to identify vulnerabilities and threats.
• In collaboration with Information Security and Infrastructure, develops and ensures implementation of risk mitigation strategies to protect information assets.
• Establishes and leads an incident response team to address security breaches and incidents.
• Investigates security incidents, document findings, and ensures implementation of corrective actions.
• Develops and delivers security awareness training programs for employees.
• Promotes a culture of security awareness across the organization.
• Ensures compliance with relevant legal, regulatory, and contractual requirements.
• Coordinates and supports internal and external security audits and assessments.
• Regularly reviews security logs and reports to identify and address potential issues.
• Collaborates with IT and other departments to ensure integration of security measures into all operations.
• Communicates security policies, procedures, and incidents to senior management.
• Ensures that security technologies are appropriately implemented and managed.
• Assesses and ensures risks associated with third-party vendors and partners are appropriately managed.
• Ensures due diligence and security assessments of third-party providers are conducted.
• Monitors and reports on third-party compliance with security requirements.
• Provides regular updates on the organization's security posture to management and the Board of Directors.
• Works closely with the internal audit team to ensure alignment of security practices with audit requirements. Provides necessary information and implements recommended improvements.

Skills: 

• Has a well-rounded understanding of security programs and protocols and technical knowledge of computer systems and data protection.
• Analytical and decision-making skills to pinpoint the best technologies to determine which strategies can prevent or resolve security breaches.
• Leadership and communication are used to motivate and relegate workers' responsibilities, as well as to explain ideas and strategies to leadership.
• Ability to partner with IT and information security department's team and personnel.
• Ability to assess security plans for existing vulnerabilities, prioritize security strategies to cover strategically important data best, analyze reports generated by their threat monitoring systems, and anticipate potential issues.
• Knowledge of the types and impact of internal and external drivers (e.g., technology, business environment, risk tolerance) that may affect organizations and information security.
• Demonstrated knowledge of regulatory requirements for financial service organizations and their potential business impact from an information security standpoint.
• Knowledge of risk assessment and analysis methodologies (including measurability, repeatability, and documentation).
• Able to analyze the effectiveness of information security controls and countermeasures.
• Demonstrated ability to interpret and implement information security policies.
• Understanding of the methods and approaches to providing continuous monitoring of security activities in the enterprise's infrastructure and business applications.
• Ability to manage incidents and post-incident activities, as well as investigative methods to identify causes and determine corrective actions.

Supervisory Relationships:

• Reports directly to the SVP, General Counsel.

Experience and Education: 

• Bachelor's degree and a minimum of 8 years of related experience; or a Master's degree and 6 years of experience; or equivalent related professional experience.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), National Institute of Standards and Technology Cyber Security Framework (NIST CSF), and NIST 800-53.
• Experience with risk assessment, incident response, security compliance, and TPRM.
• One or more of the following certifications:
• Certified Information Systems Security Professional (CISSP)
• CISA – Certified Information Systems Auditor (CISA)
• CISM – Certified Information Security Manager (CISM)
• Experience working with legal, audit, and compliance staff.

Working Conditions: Work is generally performed within an office environment, with standard office equipment available and usually sedentary in nature. Requires traveling to Credit Union branches and other venues, and attending special and community-related events during business hours, evenings and/or weekends. Hybrid-remote work available by agreement.   Compensation: Base salary starting range:  $167,005.28/annually - $206.294.40/annually is commensurate with experience.  Our compensation philosophy is based on several factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, and key skills.  At Travis Credit Union, our priority is that our employees and their loved ones are provided with a Total Rewards program that insures their health and welfare safety which allows our employees to focus on the financial welfare of our members and the credit unions objectives.  As such,  Travis Credit Union offers a robust benefits package to our eligible employees, including competitive medical, dental, and vision insurance, mental health offerings, employee performance incentive plan, merit increases, 401(k) program with immediately vested employer match, generous holiday and vacation policy, and extensive TCU specific perks like employee loan and credit card discounts!  Travis Credit Union is an Affirmative Action Employer  EOE/Individual with Disability/Veteran Status    

 Apply on company website