VP, Information Security & Risk Governance
Company: Local Government Federal Credit Union
Location: Raleigh
Posted on: November 10, 2024
Job Description:
Description:CIVIC CULTUREOur organizations believe we can all do
well by doing good. We value the contributions of diverse minds and
prioritize the success and well-being of our employees. We also
believe every person in our organization plays a role in supporting
a healthy environment and helping to achieve our goal of prosperity
for all. To this end, we recruit bright, energetic, and talented
people to be members of our team. In return, we offer a dynamic
workplace that presents opportunities for professional advancement
and individual growth. We strive to always display integrity,
self-awareness, courage, and respect for one another while
continuing to seek opportunities to learn. We really believe that
when our employees succeed, our community wins.
ABOUT THE POSITIONThe VP, Information Security and Risk Governance
will build, implement, and execute the Credit Union's Information
Security Program. This role will be responsible for identifying,
evaluating, and monitoring the overall security risk profile across
the organization by assessing the effectiveness of information
security controls and processes. This person will be defining and
aligning information security governance and risk strategies for
the Information Security Committee and ensuring exposures to cyber
risks are identified and managed at an acceptable level. The VP,
Information Security and Risk Governance will serve as the
Information Security Officer for the organization, driving it to
achieve its cyber security objectives through the proactive
evaluation and enhancement of the organization's Information
Security Program, activities and controls that prevent or mitigate
the impact of compliance risk.
NORMAL DAY-TO-DAY WORK
- Collaborate with Legal, Risk, Compliance and key business
leaders to identify information management and protection laws and
regulations; implement actions to ensure compliance.
- Identify information security regulatory, legislative, and
industry specific compliance requirements.
- Establish annual and long-term goals for the proper maintenance
and security of information across the organization, defining risk
and governance strategies, metrics, and reporting mechanisms.
- Develop strategies and action plans to drive security maturity
improvement in areas where controls do not adequately mitigate
risks.
- Develop executive and board-level communications as it relates
to the organization's cybersecurity posture.
- Develop, document, and assess measures, metrics, and internal
controls related to the maturity of the organization's information
security program.
- Lead the development and implementation of effective and
reasonable policies and practices to secure sensitive data and
ensure security and compliance with contracts, regulatory
requirements, and industry standards.
- Develop and manage the organization's cybersecurity risk
management strategy, framework and approach.
- Integrate cyber security risk reporting and aggregate reporting
into the organization's overall enterprise risk framework.
- Develop and maintain a Security Risk Management Framework
(SRMF) per industry standards and applicability (e.g. NIST CSF), to
include but not limited to, performing an annual Security Risk
Assessment.
- Recommend programs to enhance the overall maturity of the
organization's Information Security Program and tracking of its
progress.
- Evaluate existing information security risk monitoring metrics
and tools, develop metrics and insights where appropriate, and seek
to enhance the maturity of information security analytics.
- Monitor compliance controls and catalog risk assessments
utilized by the organization as it pertains to security risk, and
then evaluate those assessments for best practices and gaps.
- Display integrity, self-awareness, courage, and respect for
staff while ensuring learning agility and flexibility communicating
and delegating effectively. Work effectively, collaboratively, and
creatively in a team-oriented environment both internally and
externally.
- Take ownership for actions, decisions, and results; openly
accept feedback and demonstrate both the willingness and ability to
improve.JOB QUALIFICATIONSHere are a few skills you MUST have to be
qualified for this position.
- Minimum 10-12 years of progressive IT, networking, server
administration, auditing, investigations, strategic risk
management, and/or business/management consulting.
- Minimum 4-6 years of experience managing cross-functional,
multi-business unit projects reflective of management or leadership
role.
- Bachelor's degree in Information Security, Information Systems,
Information Technology or Computer Science.
- Experience building and/or growing an IT Security practice with
direct hands-on technology skillsets.
- Ability to function in a Consumer business office environment
and utilize standard office equipment including but not limited to:
PC, copier, telephone, etc.
- Ability to lift a minimum of 25 lbs. (file boxes,
computer).
- Travel required on occasion.Here are a few qualities we'd LIKE
for you to have to make you more suited for this position.
- Certified Information Systems Security Professional (CISSP) or
equivalent certification.
If you have questions about this position description, please feel
welcome to ask. You can reach our HR Department at: Civic Human
Resources3600 Wake Forest Road, Raleigh, NC 27609
careers@civicfcu.orgRequirements:
PIc10cc16cca86-37248-35880327
Keywords: Local Government Federal Credit Union, Raleigh , VP, Information Security & Risk Governance, Executive , Raleigh, North Carolina
Didn't find what you're looking for? Search again!
Loading more jobs...