Local Government Federal Credit Union
VP, Information Security & Risk Governance
Local Government Federal Credit Union, Raleigh, North Carolina, United States, 27601
Local Government Federal Credit Union - The North Carolina credit union for local government employees, elected and appointed officials, volunteers and their families.

Our organization believes we can all do well by doing good. We value the contributions of diverse minds and prioritize the success and well-being of our employees. We strive to always display integrity, self-awareness, courage, and respect for one another while continuing to seek opportunities to learn.

ABOUT THE POSITION

The VP, Information Security and Risk Governance will build, implement, and execute the Credit Union’s Information Security Program. This role will be responsible for identifying, evaluating, and monitoring the overall security risk profile across the organization by assessing the effectiveness of information security controls and processes. This person will define and align information security governance and risk strategies for the Information Security Committee and ensure exposures to cyber risks are identified and managed at an acceptable level.

NORMAL DAY-TO-DAY WORK

- Collaborate with Legal, Risk, Compliance and key business leaders to identify information management and protection laws and regulations; implement actions to ensure compliance.
- Identify information security regulatory, legislative, and industry-specific compliance requirements.
- Establish annual and long-term goals for the proper maintenance and security of information across the organization, defining risk and governance strategies, metrics, and reporting mechanisms.
- Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks.
- Develop executive and board-level communications as they relate to the organization’s cybersecurity posture.
- Develop, document, and assess measures, metrics, and internal controls related to the maturity of the organization’s information security program.
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
- Develop and manage the organization’s cybersecurity risk management strategy, framework and approach.
- Integrate cyber security risk reporting and aggregate reporting into the organization’s overall enterprise risk framework.
- Develop and maintain a Security Risk Management Framework (SRMF) per industry standards and applicability (e.g., NIST CSF), including, but not limited to, performing an annual Security Risk Assessment.
- Recommend programs to enhance the overall maturity of the organization’s Information Security Program and track its progress.
- Evaluate existing information security risk monitoring metrics and tools, develop metrics and insights where appropriate, and seek to enhance the maturity of information security analytics.
- Monitor compliance controls and catalog risk assessments utilized by the organization as they pertain to security risk, and then evaluate those assessments for best practices and gaps.
- Display integrity, self-awareness, courage, and respect for staff while ensuring learning agility and flexibility, communicating and delegating effectively.
- Take ownership for actions, decisions, and results; openly accept feedback and demonstrate both the willingness and ability to improve.

JOB QUALIFICATIONS

Here are a few skills you MUST have to be qualified for this position.

- Minimum 10-12 years of progressive IT, networking, server administration, auditing, investigations, strategic risk management, and/or business/management consulting.
- Minimum 4-6 years of experience managing cross-functional, multi-business unit projects reflective of management or leadership role.
- Bachelor’s degree in Information Security, Information Systems, Information Technology or Computer Science.
- Experience building and/or growing an IT Security practice with direct hands-on technology skillsets.
- Ability to function in a Consumer business office environment and utilize standard office equipment including but not limited to: PC, copier, telephone, etc.
- Ability to lift a minimum of 25 lbs. (file boxes, computer).
- Travel required on occasion.

Here are a few qualities we’d LIKE for you to have to make you more suited for this position.

- Certified Information Systems Security Professional (CISSP) or equivalent certification.

If you have questions about this position description, please feel welcome to ask. You can reach our HR Department at Civic Human Resources, 3600 Wake Forest Road, Raleigh, NC 27609.