Job Classification: Full Time (40 hours/week)
FLSA Status: Exempt
Department: Information-IS
Reports To: SVP-Operations/COO
Job Overview
The Director of Information Security/ISO is responsible for the overall management of the information security governance and the strategic direction of cybersecurity practices within the organization. This role is crucial for safeguarding company information assets, including critical financial and personal data of credit union members, through comprehensive cybersecurity practices. The Director-IS/ISO plays a complementary role to other risk management and compliance functions within the company and offers advancement opportunities. This role is ideal for a visionary leader who is committed to advancing the security posture of the organization and protecting critical information assets. If you are passionate about information security and have a proven track record of leadership and innovation, we encourage you to apply.
Major Tasks, Responsibilities and Key Accountabilities
- Own the information security governance, including the Information Security Plan (ISP) and its continuous adaptation to meet changing business and regulatory needs.
- Lead the incident response team, maintain the Incident Response Plan (IRP), and ensure effective testing and training are in place.
- Develop and maintain security policies, standards, and procedures to support the ISP.
- Lead cybersecurity compliance efforts and build institutional maturity in line with industry regulations and accepted frameworks, considering future needs.
- Oversee a comprehensive IS risk assessment program, including gap analysis and the creation of detailed reports and documentation.
- Manage the effective use of cybersecurity tools and platforms for incident and event analysis.
- Handle the security aspects of third-party risk management and vendor due diligence programs.
- Lead the selection and vetting processes for vendors and managed security service providers (MSSP).
- Direct interactions with third-party security assessments, including audits, vulnerability scans, and penetration tests.
- Lead the IS&T segments of regulatory examination preparation and execution.
- Administer information security internal audits and report on ISP compliance, KPIs, metrics, and the effectiveness of IT and security systems.
- Coordinate actions required by the IT department or senior management based on security recommendations.
- Create and monitor internal tickets and ensure corrective actions from audits are implemented, reporting outcomes to senior management.
- Prepare and present timely reports to management and the board of directors, including the annual state of the ISP report.
- Provide risk/control expertise to consult with and support various business unit activities and projects.
- Lead information security awareness training and phishing simulations for the organization.
- Chair or serve on security-related committees (e.g., RAC, BICC).
- Arrange after-hours support for information security projects, events, or incidents.
- Prepare, submit, and manage a departmental budget.
- Follow processes and procedures established to ensure compliance with the Bank Secrecy Act (BSA). Complete required annual BSA training to ensure you understand your responsibilities that apply to BSA, including:
  - Understanding of BHCCU's policies and procedures, as well as all rules and regulations which pertain to BSA.
- Other duties as assigned.
Major Skills and Competencies
- Knowledge of financial institution regulatory requirements from NCUA, Wisconsin DFI/OCU, Federal Reserve, and FFIEC preferred. Familiarity with frameworks such as NIST, PCI, and MITRE ATT&CK a plus.
- Familiarity with security and training/testing tools such as Arctic Wolf SIEM/MDR, Sophos EDR/XDR, Mimecast, Egress, Cisco Umbrella, Nessus, KnowBe4, or similar is preferred.
- Exceptional communication skills, capable of engaging with all levels of the organization, including IT and other department staff, management, and external contacts.
- Strong critical thinking and problem-solving skills, and a willingness to lead and execute.
- Comprehensive knowledge of technology systems, networks, and advanced cybersecurity concepts.
- Ability to work independently and in team settings.
- Valid driver's license and your own transportation.
Physical Job Requirements
- Ability to move about and communicate with a diverse membership and employee group.
- Ability to accomplish the described responsibilities using computers and technology.
- Ability to sit and/or stand for extended periods of time.
- Ability to work in a changing, challenging, and fast-paced work environment.
- Variable stress levels.
- Occasional business travel.
Environmental Job Requirements
Typically located in a comfortable, quiet indoor area. There may be regular exposure to mild physical discomfort from factors such as dust, fumes or odors, temperature extremes, strong drafts, or bright lights.
Minimum Qualifications
- Ability to multitask and prioritize.
- Pass the pre-employment credit and background check.
- At least ten years of experience leading information security, IT, or a comparable role.
- Advanced knowledge of computer systems and network-based applications.
- Bachelor's degree in information systems, cybersecurity, or equivalent experience; certifications such as CISM or CISSP are a plus.
Blackhawk Community Credit Union is an Equal Employment Opportunity (EEO) employer. It is the policy of BHCCU to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.