Description:
CIVIC CULTURE Our organizations believe we can all do well by doing good. We value the contributions of diverse minds and prioritize the success and well-being of our employees. We also believe every person in our organization plays a role in supporting a healthy environment and helping to achieve our goal of prosperity for all. To this end, we recruit bright, energetic, and talented people to be members of our team. In return, we offer a dynamic workplace that presents opportunities for professional advancement and individual growth. We strive to always display integrity, self-awareness, courage, and respect for one another while continuing to seek opportunities to learn. We really believe that when our employees succeed, our community wins. ABOUT THE POSITION The VP, Information Security and Risk Governance will build, implement, and execute the Credit Union's Information Security Program. This role will be responsible for identifying, evaluating, and monitoring the overall security risk profile across the organization by assessing the effectiveness of information security controls and processes. This person will be defining and aligning information security governance and risk strategies for the Information Security Committee and ensuring exposures to cyber risks are identified and managed at an acceptable level. The VP, Information Security and Risk Governance will serve as the Information Security Officer for the organization, driving it to achieve its cyber security objectives through the proactive evaluation and enhancement of the organization's Information Security Program, activities and controls that prevent or mitigate the impact of compliance risk. NORMAL DAY-TO-DAY WORK
- Collaborate with Legal, Risk, Compliance and key business leaders to identify information management and protection laws and regulations; implement actions to ensure compliance.
- Identify information security regulatory, legislative, and industry specific compliance requirements.
- Establish annual and long-term goals for the proper maintenance and security of information across the organization, defining risk and governance strategies, metrics, and reporting mechanisms.
- Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks.
- Develop executive and board-level communications as it relates to the organization's cybersecurity posture.
- Develop, document, and assess measures, metrics, and internal controls related to the maturity of the organization's information security program.
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
- Develop and manage the organization's cybersecurity risk management strategy, framework and approach.
- Integrate cyber security risk reporting and aggregate reporting into the organization's overall enterprise risk framework.
- Develop and maintain a Security Risk Management Framework (SRMF) per industry standards and applicability (e.g. NIST CSF), to include but not limited to, performing an annual Security Risk Assessment.
- Recommend programs to enhance the overall maturity of the organization's Information Security Program and tracking of its progress.
- Evaluate existing information security risk monitoring metrics and tools, develop metrics and insights where appropriate, and seek to enhance the maturity of information security analytics.
- Monitor compliance controls and catalog risk assessments utilized by the organization as it pertains to security risk, and then evaluate those assessments for best practices and gaps.
- Display integrity, self-awareness, courage, and respect for staff while ensuring learning agility and flexibility communicating and delegating effectively. Work effectively, collaboratively, and creatively in a team-oriented environment both internally and externally.
- Take ownership for actions, decisions, and results; openly accept feedback and demonstrate both the willingness and ability to improve.
JOB QUALIFICATIONS Here are a few skills you MUST have to be qualified for this position.
- Minimum 10-12 years of progressive IT, networking, server administration, auditing, investigations, strategic risk management, and/or business/management consulting.
- Minimum 4-6 years of experience managing cross-functional, multi-business unit projects reflective of management or leadership role.
- Bachelor's degree in Information Security, Information Systems, Information Technology or Computer Science.
- Experience building and/or growing an IT Security practice with direct hands-on technology skillsets.
- Ability to function in a Consumer business office environment and utilize standard office equipment including but not limited to: PC, copier, telephone, etc.
- Ability to lift a minimum of 25 lbs. (file boxes, computer).
- Travel required on occasion.
Here are a few qualities we'd LIKE for you to have to make you more suited for this position.
- Certified Information Systems Security Professional (CISSP) or equivalent certification.
If you have questions about this position description, please feel welcome to ask. You can reach our HR Department at: Civic Human Resources 3600 Wake Forest Road, Raleigh, NC 27609 careers@civicfcu.org Requirements:
Please see job description
PI253629290
|