Title: VP – Chief Information Security Officer

Status: Exempt

Reports to: SVP – Chief Information Officer

Department: IT – Information Admin

Job code: 11758

Pay range: $193,600.00 - $242,000.00 Annually

General Description:

Strategically lead all aspects of security across the Credit Union, including safeguarding the ongoing operations of information technology, confidential and proprietary data, member account access, electronic communications; fraud technology and mitigation; and the physical safety of our employees, members, and visitors. Lead the planning, oversight, and ongoing effectiveness of assigned programs, including member information security, enterprise fraud technology and operations, and physical security programs. Collaborate with senior management on enterprise initiatives and standards to ensure alignment with our risk management appetite and to accomplish strategic goals and objectives.

• Provide enterprise leadership and contribute subject matter expertise as needed across the Credit Union to further organization initiatives, provide business intelligence and insights, support peers and the CEO, strengthen operations, innovate, and advance achievement of Credit Union strategic and financial goals.
• Strategically lead solutions and technical operations for information security, fraud technology, and physical security across the Credit Union, including safeguarding the ongoing operations of technology systems, confidential and proprietary data, member account access, electronic communications, and the physical safety of our employees, members, and visitors.
• Proactively oversee a 24/7 production environment designed to operate with the highest levels of safety, security, and trust for our members and employees.
• Organize and prioritize critical issues and required information to facility change, efficient discussions, and decision-making.
• Be available to make leadership decisions as needed for a business that operates twenty-four hours a day, seven days a week, while keeping appropriate executive management abreast of member or employee impacting events.
• Ensure procedures and controls are operationalized to protect our members information and assets, as well as the organizations physical property.
• Collaborate with senior management on enterprise initiatives and standards to ensure alignment with our risk management appetite and to accomplish strategic goals and objectives.
• Continually scan the Credit Union’s environment to identify and remediate potential security weaknesses and ensure compliance with applicable security regulations and standards.
• Maintain a thorough understanding of state and federal laws and regulations related to credit union compliance including bank secrecy and anti-money laundering laws appropriate to the position.
• Foster a positive and engaging work environment for each team member by promoting skill development, coaching for improvement and growth, inspiring others through your words and actions, and embracing our mission, vision and core values.
• Set goals, monitor work, and evaluate results to ensure that departmental and organizational objectives and operating requirements are met.
• Provide leadership to senior management on security, fraud and other assigned administrative matters. Act as a Role Model for the Golden Commitments to Leadership.
• Evaluate evolving solutions and their benefit to the organization. Keep abreast of industry developments including, but not limited to, changes in regulations, technology, and other operational trends.
• Build and maintain professional relationships and pursue networking opportunities with key business partners and outside colleagues in the industry.
• Perform other duties as assigned in support of the Credit Union’s strategic goals and objectives.

Required Qualifications:

• Education: Bachelor's Degree in related field or equivalent work experience.
• Experience: Minimum 12+ years of experience in a related position, preferably at a financial institution. 10+ years of progressively responsible management experience at a senior level.
• Knowledge/Skills: Extensive knowledge of tools, technologies, and mitigation techniques within information security, fraud, and physical security.

Preferred Qualifications:

• Master's Degree a plus.
• Superb professionalism, tact, and diplomacy. Creative problem solving, organizational, analytical, verbal, and written communication skills.
• Strong decision making and time management skills with the ability to manage multiple projects/duties. Results driven, service-oriented, self-motivated, and able to work independently. Confident leader with the ability to express a vision to the organization and subsequently delegate responsibility as needed.

NA

Summary Information about the Role and Company Overview

Harness your expertise to shape robust cybersecurity strategies and safeguard critical assets. Your leadership will be pivotal in enhancing our resilience against evolving global cyber threats.

As a Cybersecurity Intelligence Vice President on our Cybersecurity Operations Publications team, you will play a critical role in safeguarding the firm's digital assets and infrastructure from cyber threats. Responsible for identifying, assessing, and mitigating risks, you will inform and influence control measures across the organization. Your expertise in analyzing complex issues and developing innovative solutions, along with your ability to collaborate with diverse teams, will be crucial in enhancing the firm's security posture. As a subject matter expert, you will contribute to strategic cybersecurity initiatives and continuously improve our threat detection and response capabilities. Your work significantly impacts the firm's operations, fiscal management, public image, employee morale, and client relationships.

• Develop and support the creation of reports and presentations for internal and external stakeholders
• Tailor publications to both technical and non-technical audiences as needed
• Collaborate with cybersecurity analysts and stakeholders to gather information and ensure accuracy and completeness of reports
• Work under pressure with engagement leads, technical analysts, and subject matter experts in a fast-paced cybersecurity environment to ensure timely product release
• Ensure consistency and accuracy across the entire publications catalog, maintaining a high standard of quality
• Represent cybersecurity operations at governance forums to present the latest cyber threats
• Assess and enhance the value delivered to our customers through effective reporting and communication
• Create and manage templates for various types of cybersecurity publications to ensure consistency and professionalism
• Review and edit documentation produced by other team members for clarity, grammar, factualness, and technical accuracy
• Develop training materials on effective communication and writing strategies and guide colleagues in the following best practices
• Build and maintain strong relationships with partners and stakeholders to achieve operational goals and business objectives and stay up-to-date on the latest cybersecurity trends, threats, and best practices to ensure our publications reflect current knowledge and standards

Required Qualifications

• 5+ years of experience in cybersecurity, focusing on threat intelligence, analysis, and mitigation
• Strong understanding of cybersecurity concepts, terminology, and best practices
• Excellent written and verbal communication skills
• Proven ability to create, design, and deliver high-quality presentation materials
• Strong attention to detail and commitment to producing high-quality work
• Ability to fix and clearly explain common and complex grammatical and structural errors in written documents and fact-check information as required
• Proficiency in using documentation tools and software (Microsoft Office, Confluence, SharePoint, Adobe Acrobat, etc.)
• Strong interpersonal skills with the ability to interact and collaborate with various teams and stakeholders
• Ability to work independently and manage multiple projects simultaneously

Preferred Qualifications

• Proficiency in using documentation tools and software (Microsoft Office, Confluence, SharePoint, Adobe Acrobat, etc.)
• 3+ years of experience in technical writing and editing, preferably within the cybersecurity or IT industry
• Strong interpersonal skills with the ability to interact and collaborate with various teams and stakeholders
• Ability to work independently and manage multiple projects simultaneously
• Relevant certifications (CompTIA Security+, CompTIA CySA+, CISSP) are a plus

NA

Job Description Summary

The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.

Company Overview

NA

• Monitors essential processes to ensure compliance with policies, standards, practices, and guidelines. Assists with information security compliance.
• Owns business relationships with executive and other leadership stakeholders to drive enhancements to security posture.
• Manages and executes the information security risk assessment process, including reporting and oversight of treatment efforts.
• Supports PCI-DSS compliance program and ensures successful audits.
• Supports penetration testing, vulnerability assessments, social engineering testing, risk analysis, and remediation.
• Manages Information Security risk management activities, vendor reviews, asset inventories, third-party risk, and remediation.
• Supports the information security training program.
• Develops and supports information and access management initiatives.
• Builds a culture focused on security and risk environment improvement.
• Supports evaluations of internal control maturity against best practices and frameworks like NIST-CSF.
• Maintains and produces policies, procedures, and standards documents.
• Provides reporting and measurements of program effectiveness.
• Supports the management of security incidents to protect corporate assets.
• Monitors threat environment for emerging threats and advises stakeholders.
• Coordinates external resources involved in the information security program.
• Conducts user access reviews and identity management monitoring.
• Manages documentation, requests processing, training, and projects.
• Participates in meetings with vendors and key stakeholders.
• Maintains tracking metrics and reporting on information security risks.
• Prepares and delivers metrics-based presentations.
• Keeps abreast of industry trends and serves as a subject matter expert.
• Supports strategic growth and operational evolution of the Department.
• Ensures integrity within department operations.
• Creates a workplace culture consistent with organizational values.
• Supports information security initiatives and projects throughout the organization.
• Supports other Risk Management department programs and initiatives.
• Manages and supports creation of new processes for information security.
• Engages in discovery techniques to identify information security risks.
• Trains with other information security team members to promote a holistic program.

Required Qualifications

• Bachelor's Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience.
• 5 to 10 years in Information Security/Cyber Security.
• Information Security program management experience.
• Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint.
• Strong communication skills, ability to lead work efforts, and self-starter.
• Strong propensity for action and ownership.
• Experience in supporting an effective control environment.
• Proficient in writing and creating program documentation.

Preferred Qualifications

• Post-Graduate Degree.
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Information Systems Auditor (CISA).
• Financial Services experience.
• Leadership experience and executive presence.
• Working knowledge of Enterprise Risk Management principles/frameworks.

Hiring Range and Benefits

The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits