LHH
Vice President of Information Security
LHH, Los Angeles, California, United States, 90079
LHH is seeking an experienced VP of Information Security to join our client's team in Alameda County, CA. This is a full-time, direct hire.
The Vice President, Information Security Officer, under the guidance of the Chief Risk Officer, coordinates closely with the Risk Management team. This role is a thought leader in information and cyber security, establishing and monitoring the credit union's information strategy to protect company and member assets. As a senior leader, the VP collaborates with management and department leaders to recommend security investments that mitigate risks, strengthen defenses, and reduce vulnerabilities.
Responsibilities
Lead the technology risk strategy and provide guidance to technology partners.
Develop and maintain cybersecurity risk assessment frameworks and methodologies.
Partner with operational teams to provide guidance and oversight.
Establish and enforce cybersecurity policies, standards, and guidelines.
Conduct independent audits of cybersecurity processes and controls.
Develop key risk indicators, dashboards, and reports to measure and monitor risks.
Provide oversight during cybersecurity incidents to ensure proper response and recovery.
Oversee evaluations of third-party vendors to ensure alignment with organizational standards.
Support risk training and education regarding the enterprise risk framework.
Maintain awareness of emerging information security threats and provide expertise to executive management.
Facilitate audits and examinations by regulatory agencies and create risk mitigation plans.
Work with business units to facilitate IT risk analysis and management processes.
Communicate security-related concepts to a broad range of technical and non-technical staff.
Maintain effective working relationships with corporate and business unit stakeholders.
Stay updated on the threat environment and comply with all applicable laws and regulations.
Qualifications
B.S. Degree in Computer Science, Management Information Systems, or a related field.
15 years of progressively responsible experience in information security or equivalent.
7+ years of Financial Services experience.
7+ years of experience in Technology Risk Management, IT Audit, or similar functions.
Experience with compliance standards, privacy laws, and financial regulations.
Information security certification required: CISM, CISSP.
Extensive experience in information security risk assessments and vendor risk assessments.
Understanding of information security regulations and standards (NCUA, GLBA, CCPA, PCI, FFIEC, NIST 800 / ISO 27000).
Experience in a regulated environment and responding to regulators and auditors.
Strong skills in network architecture design and network infrastructure technologies.
Excellent communication skills, both verbal and written.
Ability to lead effectively in high-pressure, time-constrained environments.
Ability to operate standard business machines and tolerate long periods of sitting.