Information Security Program Manager

Company: NORTH COUNTRY FEDERAL CREDIT UNION
Location: South Burlington
Posted on: April 10, 2021

Job Description:

EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. Description Data security is our organization's top strategic priority. As one of Vermont's largest credit unions, we are responsible for the safekeeping of the personal and financial information of over 60,000 people who trust and rely on the integrity of our systems, policies, and procedures.As a leader in our organization, the ISPM will work with others on our team to identify and protect against current and developing threats including security breaches, attacks by cyber-criminals, and accidental disclosures. They will be responsible for our Information Security Program, perform security compliance audits, and provide regular updates to executive management and the board of directors.In addition to a clear understanding of the challenges of information security, the ISPM must have the ability to describe security issues to people throughout the credit union, and work with our training staff to promote best practices and a culture of awareness. Qualified candidates must have at least eight years of related experience and an appropriate master's degree. A bachelor's degree plus professional certification may also be considered.Our employees are the heart of our organization. We provide medical, dental and vision insurance, paid holidays, paid time off, 401(k) with employer contribution up to 10%, life and disability insurance, employee training and wellness program.Role:Support the credit union's vision of being the community's most loved financial institution, and its mission to make people's financial dreams come true. Contribute to a world class experience for all members and staff, by building rapport, determining needs, and offering creative solutions to best serve their needs. Demonstrate professionalism and integrity and represent the credit union's core values in all interactions.

The Information Security Program Manager (ISPM) has direct responsibility for ensuring the credit union safeguards the confidentiality of member information and corporate data from security breaches, attacks by cyber-criminals, accidental disclosure, and all other forms of disclosure to non-approved parties. The ISPM will create and manage the company Information Security Program which includes the security and data privacy of NorthCountry FCU's Suite of Cloud products and services, ensure successful completion of annual security compliance audits and will provide regular updates on the status of the program to executive management and the board of directors.Essential Functions & Responsibilities:1. The development and maintenance of a comprehensive Information Security Program that fulfills the requirements specified by the NCUA Rules & Regulations, Part 748, Appendix A&B.2. Annually, assess the organization's security measures via a formal Information Security Risk Assessment (ISRA) with a focus on identifying reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information. Assess both the likelihood of occurrence and the sufficiency of policies, procedures, and systems in place to control the identified risks.3. Ongoing evaluation of firewalls, anti-virus software, strength of password controls and encryption, to identify weak points that might make information systems vulnerable to attack.4. Carry out simulated attacks (both technical and social) to test the efficiency of security measures.5. Develop company-wide policies and procedures that encourage secure working and protection of data. Work with HR to train and test employees on best practices for keeping information safe and promote a culture of awareness.6. Design and advise on security controls including access controls, access restrictions, encryption, monitoring systems, and procedures to protect systems and information infrastructure, including vulnerability scanners, web application scanners, SIEM and endpoint protection applications.7. Perform ongoing service provider oversight and periodic review to ensure contractual obligations for protecting data are defined and are being adhered to. Ensure the vendors' contracts clearly defines appropriate information security controls prior to contract signing.8. Work with applicable Senior and Executive Management to develop and maintain an incident response plan that defines actions to be taken when the credit union suspects or detects unauthorized individuals have gained access to member information. Assist with investigating security breaches and other cyber security threats and incidents.9. Provide periodic reports to the board on 1) the status of the Information Security Program and 2) The status of third-party vendor control reviews. Provide periodic updates to executive management on 1) new InfoSec threats 2) status of patch management on credit union systems and 3) status of third-party audits, penetration tests, and Information Security Risk Assessment (IRSA) findings.10. Develop an understanding and working knowledge of the credit union history, philosophy, organization, bylaws, policies, procedures and appropriate software systems. Perform all other job-related duties as assigned. Position Requirements Performance Measurements:1. Analytical - The ability to observe, evaluate, summarize, and apply meaningful data in the problem-solving process. The level of logical reasoning necessary to connect required actions to desired outcomes. The ability to forecast events based upon current situations. Demonstrated skill in generating alternative solutions to problems.2. Attention to Detail - The level at which tasks are performed carefully, accurately, and in accordance with specific instructions. Consistency of work quality and compliance with standards, requirements, and expectations. The tracking of numerical data and detailed organizational information, and the careful application of grammar, spelling, and punctuation rules.3. Policy Compliance - The degree to which the employee has a knowledge of and complies with organizational policies.4. Communication - The ability to effectively converse and listen to others concerning company matters. The use of proper written and grammatical skills, and the meaningful application of computer technology [e-mail, Internet, etc.].5. Teamwork & Cooperation - The degree to which individuals promote a collaborative, cooperative, and productive working environment. The level of demonstrated sensitivity, team building, support, and respect. The degree of synergy promoted.Knowledge and Skills:Experience: Eight to ten years of similar or related experience.Education: (1) A master's degree, or (2) a bachelor's degree plus professional certification (e.g. CPA).Interpersonal Skills: Work frequently involves exercising advanced conflict resolution, giving material presentations, and resolving issues impacting multiple departments or divisions. Role also requires the ability to motivate or influence others as a material part of the role, with a significant level of diplomacy and trust. Obtaining cooperation (internally and/or externally) is an important part of the role and a high level of interpersonal skills is critical to the success of this position.Other Skills:------Strong background in information technology with a clear understanding of the challenges of information security.
------Within 18 months of beginning the position, certification as an Information Security Systems Professional (CISSP) or equivalent.
------Excellent communication skills so as to build awareness and understanding of security issues with staff, management, and the board of directors.
------Good team working skills to develop security solutions in collaboration with other information technology professional. Full-Time/Part-Time Full-Time Position Information Security Program Manager Close Date Number of Openings 1 Location South Burlington About the Organization NorthCountry is Vermont's community credit union for the Champlain Valley, Central Vermont, and the Northeast Kingdom. We are proud to have been recognized as one of Vermont's 2021 "Best Places to Work", as well as having Gallup rank our employee engagement rate at among the top 3% of businesses worldwide! We are humbled to achieve this recognition for our organization both locally and globally. Our vision is: To be the community's most loved financial institution. We hold ourselves to a very high standard to do so, by striving to offer "world class service" in every interaction we have. NorthCountry also contributes to the communities we serve by sponsoring local events and offering financial donations to a variety of non-profit organizations. Each quarter, NorthCountry also has a "Twice as Nice" campaign where we highlight a non-profit and offer to match the donations made by our members to that particular organization. Our employees are encouraged to serve their communities through volunteer work for a non-profit of their choice. This volunteer time can happen during business hours, and up to 8 hours per year is paid. NorthCountry's mission is: To make dreams come true for all by offering personalized financial solutions. As a cooperative, we are inspired and empowered to do the right thing for our members and employees. We aspire to make these dreams come true by encouraging all of our employees to live our core values. Our core values being the 3 C's: Confident, Caring, and Creative. We believe that when our staff truly embody these 3 C's, we are able to make a tremendous difference in the lives of our members as well as our own. This positive impact in communities close to home, as well as those afar, is what inspires each of us to come to work each day. This position is currently accepting applications. Member Advocate 2 (Call Center Rep) in South Burlington, VT
Posted on: 3/3/2021
[Apply Now]

Keywords: NORTH COUNTRY FEDERAL CREDIT UNION, New England , Information Security Program Manager, Executive , South Burlington, Northeast