Information Security Officer - Cybersecurity Focus

- Safeguard the personal and confidential financial information of our members. - Act as the Credit Unions designated Information Security Officer, with enterprise responsibility for executing the Information Security Program and reporting directly to executive leadership and the Board or its designated committee. - Provide governance, oversight, and independent risk assessments while partnering with IT and business units for operational implementation. - Create and administer information security programs to establish a robust security-focused culture at our organization. - Protect both physical and digital assets from loss or corruption. - Execute and manage an anti-phishing program involving ongoing testing, training, and remediation efforts. - Conduct regular internal and external vulnerability scans. - Evaluate workstation and server vulnerabilities to guide prioritization and patching efforts. - Collaborate with IT to address vulnerabilities, ensuring they stay within target KPIs. - Oversee and coordinate the annual PCI DSS self-assessment. - Maintain and regularly update Incident Response Plans. - Supervise physical security tests annually, including assessments of CCTV, fire alarms, and ingress/egress security measures. - Stay informed about current laws and regulations relevant to information and physical security. - Deliver continuous cybersecurity awareness and specific training via live sessions and online modules. - Research, recommend, develop, and implement new security products, services, programs, and practices in line with Board policy. - Oversee the governance and management of the Identity and Access Management (IAM) program, ensuring regular user access reviews are conducted by system owners and admins. - Advise on and enhance our security measures through effective software and hardware solutions for loss prevention and disaster recovery. - Manage third-party risks by conducting due diligence and ongoing assessments. - Perform regular risk assessments and present findings to executive leadership and the Board. - Lead investigations into incidents and post-incident reviews to determine root causes and corrective actions. - Coordinate the upkeep and testing of business continuity and disaster recovery plans. - Evaluate security architecture for new systems, applications, and projects. - Prepare for and support regulatory examinations and internal/external audits. - Ensure security practices align with BSA, AML, and OFAC compliance requirements in collaboration with our Compliance leadership. - Maintain active memberships in InfraGard and FS-ISAC. - Engage in disaster recovery and contingency drills with key third parties regularly. - Perform other related duties as assigned.