Head of Information Security
Lenexa, KS 66219
We live here. We work here. We play here. We KC. As Kansas City’s largest credit union and one of the top locally-based financial institutions, we’re pretty proud of what we’ve built over the last 80 years. At CommunityAmerica, our main goal is to do whatever we can to help our members achieve financial peace of mind. In order to make that happen, we need to have the right people on our team. That’s why we believe in taking good care of our amazing employees. This means constantly looking for ways to reward our teammates and helping them lead a balanced, healthy life. So if you’re just looking for another job, you’re not in the right place. But if you want to love what you do, make an impact in your community and have the power to help people change their lives, then we’re glad you’re here.
The Head of Information Security is responsible for leading the Information Security Program at the Credit Union and securing the Credit Union’s information assets. The position leads the vision of the Information Security department and a team of staff and resources to build and maintain an Information Security Program which meets regulatory requirements and organizational risk tolerance. The Director of Information Security also maintains the role of the Information Security Officer responsible for cyber compromise response and annual cyber security reporting to the Board of Directors. The position educates executive management on key security metrics that impact enterprise risk to ensure strategic initiatives align. The Director of Information Security utilizes technical experience and competency to lead the Information Security Program.
Duties and Responsibilities
- Leads the technical expertise and direction of the Information Security Program and Department.
- Leads the annual IT Risk assessment, penetration test, vulnerability scans, and social engineering tests, synthesizing the results and implementing action plans to resolve the issues identified.
- Responsible for conducting monthly vulnerability scans and communicating the critical results to executive management.
- Educates executive management on cyber risk through reporting and presentations.
- Monitors Information Security industry trends and educates the organization on critical information.
- Develops, plans, and manages the Information Security Program to include policies, procedures, and standards.
- Leads the annual security awareness training, new hire training, and monthly sales training to ensure all levels of staff and management are well-educated regarding information security practices.
- Leads the project initiatives to research, validate, and manage Information Security vendors and products to ensure robust detection, prevention, and monitoring tools are in place.
- Defines the Information Security plan to resolve gaps identified from audits, risk assessments or vulnerability scans.
- Leads the day-to-day operations of the Information Security Program and department for the enterprise.
- Leads cyber security investigations providing summaries and recommendations to resolve the matter. Works closely with IT and project teams to ensure that new projects meet or exceed information security requirements.
- Achieves Information Security and operational objectives by developing and executing strategic plans which reduce risk to information assets.
- Protects information assets by developing security strategies, directing system access control, monitoring, and response.
- Implements regulatory requirements, industry standards, and best practices such as NCUA, FFIEC, GLBA, PCI DSS, NIST 800-53, and ISO 27001 ensuring the Information Security Program is held to the highest standard.
- Leads Information Security projects to align with organizational strategic objectives, goals, and risk tolerance.
- Advises executive management team on critical security issues and recommends risk reduction solutions.
- Perform other duties as assigned.
Education and Experience Requirements:
- Bachelor's degree in Computer Science, Information Technology or related field.
- CISSP, CISA, CRISC, or CISM professional certification or similar.
- At least 8 years of Information Security professional experience.
- Experience with standards and best practices such as NCUA, FFIEC, GLBA, ISO 27001, PCI DSS, SOC 2 compliance, NIST 800-53, HIPAA, and FedRAMP requirements.
- Demonstrated knowledge of information technology security trends and leading best practices is required.
- Minimum of 5 years’ experience directly leading technical service or security focused staff in a team environment.
- Experience and expertise in managing and administering infrastructure and data systems.
- Minimum of 5 years’ experience in at least five of the following: access control systems and methodology; business continuity and disaster recovery planning; risk, response, and recovery; network security architecture; security management practices; audit and monitoring; enterprise and IT risk assessments; incident response management.
Required Knowledge, Skills and Abilities:
- Requires working knowledge of financial service institutions and their operations and procedures.
- Excellent management skills and the ability to prioritize multiple initiatives and projects.
- Ability to establish strategic direction for the department and provide the roadmap of initiatives and priorities in support of that vision.
- Excellent analytical skills and ability to aggregate data and subsequently communicate that data so that it is relatable to the business.
- Requires the ability to synthesize information across multiple data points and communicate effectively to the executive management team.
- Ability to operate at all levels of the organization, and to both motivate and influence others that are often in a more senior position.
- Excellent interpersonal skills including oral and written communications.
- Ability to manage change within the organization.
- Ability to maintain a high level of confidentiality.
- Technically proficient in IT and Information Security controls and concepts.
- Demonstrate flexibility and the ability to work in a team environment.
- Strong organizational and planning skills, resourcefulness, and creative problem solving skills.
- Demonstrated business and technical acumen, including the ability to read, analyze and interpret reports and documentation.
Equal Opportunity/Affirmative Action Employer Disabled/Veterans
“CommunityAmerica Credit Union is an equal opportunity employer and all qualified applicants will
receive consideration for employment without regard to race, color, religion, sex, sexual orientation,
gender identity, national origin, disability, protected veteran status, or any other protected classes.”