The Director, Information Security is a strong, highly visible leader responsible for leading IT Security and IT Security Incident Response for the Credit Union. The Director is expected to possess a deep technical understanding of information security engineering and infrastructure operations. This role will work with business stakeholders to help define solution strategies and implement effective security controls that minimize risk while minimizing impact to user productivity. This position requires a blend of strategic thinking and operational excellence to deliver technical security services consistently across the Credit Union. A crucial element of the Director’s role is working with senior leaders, line-of-business managers and other key decision makers to determine acceptable levels of residual IT risk for the Credit Union as a whole. This role is also responsible for delivering a clear understanding of the levers and choices to mitigate risks as appropriate. This role will lead a best-in-class IT risk management and information security team in the delivery of advisory services for Credit Union Information Security programs.
The Director plans, coordinates, implements, audits and oversees security measures for information systems/IT assets to regulate access to Credit Union data to prevent unauthorized modification, destruction, or disclosure of information. This position also provides guidance on vendor product selection, identification of abnormalities, monitoring and resolution of security violations, policy updates and educational series.
The Director is responsible for establishing security governance and the execution of the information security framework to safeguard information assets. This position will also assist infrastructure and other teams in mitigating information security related issues, in addition to building and executing various security measures. This role is also responsible for researching and selecting best-in-class third-party providers for potential implementation of additional information security products, services and monitoring capabilities. The Director will lead by example, drive continuous improvement, ensure security, compliance and recoverability, and maintain a relentless focus on risk management.
The Director will also have responsibility for the ongoing coordination of the Information Security and Technology Oversight Committee (ISTOC) for the Credit Union.
Essential Functions and Responsibilities
Directs the Information Security team to implement and manage a best-in-class information security program.
Collaborates with IT and other teams to establish the Information Security governance and execution framework.
Develops, documents and enforces systems data security policies and procedures.
Directs the management of security on HQ and branch file servers, application servers, web servers, virtual infrastructures and networks (VMware, others), internal and external firewalls, HIDS (Tripwire, OSSIM, CSA), and NIDS/IPS.
Manages security for LAN/WAN, wireless, VPN, RAS, and remote access for staff, Board of Directors and vendors.
Partners with IT, Project Management, and business functions to provide advice on IT risk, regulatory and compliance mandates and their impact to in-flight projects.
Develops roadmaps, strategies and projects to achieve Credit Union IT Security objectives.
Directs the development of security policies for laptops and mobile endpoints to ensure the safety of Credit Union member data.
Leads the violations report review process and prepares appropriate documentation for reporting to Credit Union senior leadership.
Maintains current knowledge of industry research to ensure TFCU is leveraging new techniques while aligning with internal standards.
Directs the Credit Union Information Security and Technology Oversight Committee (ISTOC) process.
Conducts research on emerging products, services, protocols, and standards in support of security hardware and software.
Interacts and negotiates with vendors, outsourcers, and contractors for security products and services.
Manages the information security review process for the CU vendor management program.
Recommends, schedules, and performs software improvements, upgrades, and patches pertaining to data security.
Manages penetration testing process and provides fault resolution and escalation.
Conducts information security training for employees as needed.
Directs the ongoing FFIEC Cybersecurity Risk Profile and Maturity Model process.
Manages the Information Security requirements for the annual NCUA audit.
Directs the audit of existing systems security settings, permissions, and access controls.
Develops and publishes information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements such as NIST Framework, FFIEC, ISO 27001 or IT internal risk assessment.
Recommends methods for vulnerability detection and remediation, and oversees vulnerability testing.
Manages HR processes: Employee engagement, performance reviews, and talent development for the Information Security team.
Plans and executes to an approved budget.
Other Duties and Responsibilities
Assists with other tasks and projects as assigned.
Knowledge, Skills, and Abilities
Must possess a deep technical understanding of information security engineering and infrastructure operations
Must have knowledge of regulatory agencies’ policies, procedures and laws governing the security of data for financial institutions
Must excel in both verbal and written communications with all levels of Credit Union staff including executives, auditors, finance, legal, IT staff and third parties, in matters related to IT risk, Information Security, compliance, and audit requirements and remediation
Must have effective presentation skills
Must excel at interpreting technical documentation and procedure manuals
Must possess exceptional analytical and problem-solving abilities
Strong managerial and facilitation skills required
Must have ability to make decisions, work independently and guide the Information Security team, other IT team members and business unit partners
Must be able to evaluate systems and procedures, implementing efficiency enhancements
Must have ability to understand all business processes within the Credit Union
Must be detail oriented and well organized
Must be able to work in a general office environment
Must be flexible and able to shift resources and priorities as required
Must be able to complete all assignments with minimal supervision
Should possess a strong commitment to providing excellent service to Truliant’s members
Occasional standing, walking, bending, and stooping required
Must be able to sit at a desk for long periods of time and use a computer
Must be able to moderately lift or move up to 5 pounds and occasionally lift or move up to 10 pounds
Education and Background
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required
Must have a Bachelor’s degree in computer science or a related field
Master’s degree in a similar field is preferred
Requires a minimum of 10 years of information security monitoring, incident response and/or threat vulnerability management
Demonstrated leader with a minimum of 5 years of management experience in a technical capacity and the ability to interface effectively with a broad range of people and roles, including senior leadership, IT leaders, and external constituents
Experience working in a team-oriented, collaborative environment preferred
About Truliant Federal Credit Union
Our mission is to improve the lives of our members and become their preferred financial institution.
Truliant Federal Credit Union was chartered in 1952 to serve the employees of Western Electric and was known as Radio Shops Credit Union. It began serving about 2,000 members and offered credit union services in Winston-Salem, Greensboro and Burlington. Today, Truliant serves over 270,000 members with more than 30 locations across the Carolinas and Virginia, and over $3.3 billion in assets.
Truliant offers honest, personalized advice to make members’ financial futures brighter. We exist to help members achieve their dreams — and we often do it better than the larger, national banks. Plus, we offer the latest online and mobile banking technology that lets members manage their money and busy family schedules.