Office Status: Hybrid
Salary: Up to $170,000
Responsibilities:
Serve as the primary driver of the information security and physical security risk culture and process.
Oversee the day-to-day efforts to develop, implement, and maintain an effective Program, including the policies and related procedures.
Ensure that employees adhere to the requirements outlined in the Program policies and procedures.
Monitor evolving information security risks and provide updates on them.
Ensure that the Union has adequate cyber security insurance.
Oversee the completion of the ACET, Information Security/GLBA, New Products & Services, PMO, and the Governance Risk & Compliance Risk Assessments.
Provide the Board, ERM Committee, Supervisory Committee and Management with updates on the Program.
Oversee the Information and Physical Security training program.
Evaluate the impact on the Program of new products, services, and third-party vendors.
Develop metrics and analytics of information security risks relative to regulatory guidelines, internal policies, and internal risk appetite thresholds.
Develop and prepare an effective and comprehensive monthly and quarterly risk reporting and analysis package for Management, Enterprise Risk Management Committee, NCUA (as requested), Supervisory Committee, and the Board of Directors.
Work collaboratively with business unit leaders; develop strategies to address unusually complex or difficult information and physical security risk scenarios.
Recommend information security requirements and access levels for the network and other critical systems.