VP of Information Security at Central One Federal Credit Union
Central One Federal Credit Union · Shrewsbury, United States of America · Hybrid
- Senior
- Optional office in Shrewsbury
Description
JOB STATUS: Exempt (Leadership)
REPORTS TO: President/CEO
SUPERVISES: None
WHO WE ARE: At Central One, our values are to Deliver Exceptional Service, Work as a Team, Have Fun, and the Credit Union philosophy of People Helping People; all while striving to be C.E.N.T.R.A.L. One Ambassadors. CENTRAL stands for Caring, Enthusiastic, Nimble, Team-Oriented, Resilient, Altruistic and Loyal. At the core of our values lies a commitment to our community, members, and employees, with a focus on overall well-being.
PRIMARY FUNCTIONS:
The VP of Information Security (VPIS) serves as the organization’s senior security leader. This role combines executive-level governance with hands-on security operations. This role is responsible for defining the enterprise security strategy, ensuring compliance with regulatory requirements, managing security vendors, and directly operating security tools, controls, and incident response.
This role provides independent oversight of IT operations led by the CIO, creating checks and balances between security governance (VPIS) and technology operations (CIO/IT).
WHY THIS ROLE MATTERS:
This position ensures that cybersecurity is treated as a business priority, with direct CEO visibility and accountability. The VP of Information Security provides independent oversight of IT, while bridging the gap between governance and execution to protect the organization’s data, systems, and reputation.
DUTIES AND RESPONSIBILITIES:
Leadership & Culture
- Strives to be the Ideal Team Player: hungry, humble and (people) smart.
- Serves as community role model and participates in volunteer activities to support the People Helping People value and enhance the Credit Union’s visibility.
Governance & Risk
- Develop and execute the organization’s security strategy, roadmap, and policies.
- Serve as the primary liaison to the CEO, board, regulators, and auditors on cybersecurity risk.
- Oversee compliance programs (NIST, SOX ITGC, ISO, PCI, GLBA, etc.).
- Lead vendor and third-party risk management processes from a security standpoint, including contract reviews, vendor selection, and ongoing performance oversight. Collaborate with Vendor Management Business Continuity Specialist for retention.
- Conduct periodic risk assessments and report findings to leadership.
- Define and track security KPIs and metrics, providing regular reports to executive leadership and the board.
Security Operations (Hands-On)
- Deploy, configure, and manage security platforms (EDR, SIEM, DLP, IAM, PAM, vulnerability management, firewalls).
- Lead incident detection, response, and forensics, coordinating across IT and business units.
- Administer identity and access governance, including RBAC models, privileged access management, and entitlement reviews.
- Perform security monitoring and tuning for log analysis, threat detection, and alerting.
- Direct the organization’s security awareness and training program.
Collaboration with CIO / IT
- VP of Information Security defines security policies and risk appetite, and ensures independent oversight.
- CIO / IT delivers and maintains secure technology services (patching, provisioning, backups, operations).
- Collaborate jointly on incident response, DR/BCP, IAM execution, and vendor integrations.
General Responsibilities
- Stay current on job-related equipment, procedures, and information via attendance at meetings and seminars and reading various memos, handouts, and publications.
- Adhere to all applicable policies, procedures and regulations.
- Participate in special projects and community activities, as needed.
- All other duties and responsibilities as directed.
Hybrid Work Arrangement: This position participates in a hybrid work arrangement with a combination of in-office and remote days.
Requirements
PREREQUISITES:
Education: Bachelor’s Degree or equivalent experience required. Preferred certifications: CISSP, CISM, CISA, CCSP, or GIAC.
Experience: 8 - 10 years in IT security with both strategic leadership and hands-on technical experience. Strong knowledge of security frameworks (NIST CSF, ISO 27001, CIS Controls). Experience with regulatory compliance (SOX, PCI DSS, GLBA, NCUA). Demonstrated vendor management experience, including evaluating, negotiating, and managing security partners and solutions.
Skills: Proven ability to deploy and administer security tools (Microsoft Security Suite, Arctic Wolf, Splunk/LogRhythm, Okta/Entra ID, etc.). People management skills: able to mentor, coach, and build a security team as the function grows. Skilled in developing and reporting KPIs and metrics that measure program effectiveness. Excellent communication skills, capable of engaging executives, auditors, vendors, and IT staff. Exceptional leadership presence, with the ability to brief senior leadership and the board confidently.
Traits: Strong analytical and problem-solving skills; adaptable, resourceful, and detail-oriented.