The Director, Information Security Governance will lead as a subject matter expert and will be accountable for creating and maintaining the Information Security Governance and Compliance Practice. This is a hands-on role. Controls include but are not limited to third party vendor risk assessments, vendor information security due diligence reviews, audit responses, information security training, IT asset risk assessments, access controls, data classification and remediation advisement.
This role will lead the Information Security Governance and Compliance Practice and will interface with peers under the direction of the CTO with advisory services from vCISO.
The role will lead compliance and regulatory requirement efforts and develop solutions and processes that further the goals of the organization while ensuring the protection of our information. This role will work closely with Legal, Compliance, Enterprise Risk Mgt, HR, Physical Security, and IT teams to develop a comprehensive practice/controls program, and will contribute artifacts to and participate on the Information Security Steering Committee.
Accountabilities and Responsibilities
- Integrates security operations controls and response artifacts with the cyber risk management governance program, including policy, standards, control procedures for managing IT assets, and information security topics.
- Leads and develops a team of security compliance practitioners.
- Provides technical mentoring to other team members.
- Provides input to strategic efforts and oversight.
- Develops and maintains information security metrics.
- Manages third-party security relationships to achieve outcomes.
- Works with design engineers to ensure compliance of new solutions, including cloud delivery.
- Analyzes data and prepares reports that document compliance requirements for organizational change.
- Leads risk assessments (vendor, IT asset, access control) and creates dashboards to monitor and report on findings.
- Leads data classification efforts, including analysis, standards monitoring, and reporting.
- Leads security training, including delivery, follow-up, and reporting.
- Establishes and creates standard operating workflow procedures for the handoff of due diligence.
- Provides advisement on and response to security events and incidents.
- Coordinates and communicates escalation of issues to the Incident Response team.
- Performs detailed security analysis and works with the operations team on incident response and event analysis to enhance compliance posture.
- Provides technical expertise on post-event security logs and trend analysis.
- Coordinates and liaises with other departments within the company and with external auditors regarding policies, procedures, vendor posture, and information security risk.
- Other duties as needed.
Credentials, Experience and Skills
- Bachelor's degree in Computer Science, MIS, Cybersecurity or a related field of study, or any equivalent combination of relevant work experience and training.
- 10 or more years of overall information security experience.
- CISSP, CISM or Security+ certification, or relevant experience.
- Experience working with security frameworks (GLBA, COBIT, NIST, ISO, etc.).
- Hands-on experience in a leadership role in Information Risk or Compliance.
- Experience leading the creation of Information Security Policies and Standards.
- Experience leading information security incident management efforts.
- Experience leading audits.
- Experience leading Information Security Compliance tasks in an organization of 500-1000 employees.
- Strong organizational skills and attention to detail.
- Excellent interpersonal, writing and communication skills.
- Ability to continually re-prioritize and adapt to ambiguous situations.
- Experience identifying and implementing creative process improvement solutions.
- Knowledge of cloud security, including cloud security guidance and controls.
- Able to work with highly confidential information.
- Occasional travel.
- Ability to be bonded is required.
Established in 1934, today SEFCU (State Employees Federal Credit Union) is among the 50 largest credit unions in the U.S. with more than $3.5 billion in assets, 330,000 members, and 50 branches in the Capital Region, Binghamton, Syracuse, and Buffalo. SEFCU is committed to Changing Lives Every Day through the donation of time, talent, and treasure.