The ISO (Information Security Officer) will be responsible for
the research, development, implementation, testing and reviewing of
the Credit Union's overall information security in order to protect
information and prevent unauthorized access. The primary objective
of this position is to oversee and directly manage the protection,
defense, and availability of information and information systems by
ensuring confidentiality, integrity, authentication, availability
and non-repudiation of the Credit Union information and information
systems through the creation and implementation of the security
This position is responsible for assuming a leadership role in
information security for all critical and significant aspects of
the organization's technology, including the control and protection
of company proprietary and confidential consumer information. This
position oversees compliance with information security policies and
practices, applicable regulatory guidance and financial services
industry best practices for information security management and
Essential Functions & Responsibilities:
Creation and implementation of the Annual Information Security
Program. Develops and writes policies and procedures concerning IT
requirements for security testing, documenting, and process
improvement. Reports on the effectiveness of the Information
Security Program through the use of information security
measures and metrics. Proposes necessary changes in policies to
ensure adequate systems security and compliance with NCUA Section
Leads security risk assessments including, but not limited to,
vulnerability assessments, penetration tests, permissions
assessments, and IT resources with both vendors and internal
Responsible for gathering information necessary to maintain
security and establish functioning internal and external barriers
such as firewalls, intrusion detection/prevention systems,
anti-virus and malware, and other security measures. Coordinates
information security initiatives with IT and Risk stakeholders.
Routinely reviews the credit union computing environment, logs, and
network traffic for activities including but not limited to: policy
violations, abnormal behaviors, intrusions, best practice
Develops and reviews IT Security change management activities
across the organization to ensure secure and compliant information
Coordinates and implements IT security awareness training for
employees and members across the credit union computing
Partners with IT in the design, implementation, and support of an
effective, secured system access and total security environment for
all data systems.
Assumes a leadership role in the Information Security Committee;
developing the agenda and leading the meeting in the absence of the
Communicates with Enterprise Risk Management Committee when
significant issues of risk are not promptly addressed, or
differences of opinion occur internally about risk.
Keeps abreast of new technologies and systems security through
self-learning or structured courses.
Provides enterprise-wide expertise in the Vendor Management and
Project Management security reviews and assessments.
Performs other job-related duties as assigned.
1. Provides recommendations for any new security solutions and
any enhancements to existing security solutions in accordance with
standard best operating procedures.
2. Meets department standards for response to team member
requests for assistance with security concerns.
3. Meets deadlines for completion of assigned projects /
provides useful input with response to project success and
4. Accurately maintains security logs and permission
documentation where appropriate.
5. Provides evolving information security training to Gulf Winds
6. Drafts and enforces Information Security regulations,
Information Security Policy and the Information Security Standards
7. Complies with all applicable rules, regulations and policies,
including but not limited to BSA, OFAC and Physical Security.
Knowledge and Skills:
Experience: Five years to eight years of similar or related
Education: Equivalent to a college degree and a professional
certificate or a graduate degree. CISO or CISSP preferred.
Interpersonal Skills: Work involves extensive personal contact
with others and is of a personal or sensitive nature. Motivating,
influencing, and/or training others is key at this level. Outside
contacts become important and fostering sound relationships with
other entities (companies and/or individuals) becomes necessary and
often requires the ability to influence and/or sell ideas or
services to others.
Other Skills: Demonstrated knowledge of IT Security practices
and procedures. Strong working knowledge of change control
practices and security administration (e.g. access control and
system hardening, security policies). Ability to recognize and
properly handle sensitive and confidential information. Credit
union or financial services experience is a plus.
Physical Requirements: Light or low amount of physical
This Job Description is not a complete statement of all
duties and responsibilities comprising the position.
Gulf Winds is an Equal Opportunity Employer. Drug Free