VP - Chief Information Security Officer - Logix Federal Credit Union
Valencia, California, United States

Listing Description

The VP, Chief Information Security Officer (CISO) directs enterprise-wide cyber and data security programs, including overseeing strategy, operations, and the budget for protecting Logix enterprise information assets. Responsible for enterprise-wide data and information security initiatives, policies, standards, evaluations, staff and organizational awareness.  Partners closely with the designated Enterprise Risk Management (ERM) Officer, Legal, and management throughout the credit union to ensure that technological and physical access controls effectuate the organization’s data privacy policies. Develops and implements flexible, reliable and maintainable security solutions, assesses the risk of existing and planned information systems, and provides the highest level of quality service to both members and employees.


The annual pay range for this position is $162,173.85 - $259,478.15 depending on experience, skills, education and internal equity.


ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.



  • Develops, implements, and monitors a strategic, comprehensive information security and risk management program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets; drives, maintains and regularly updates IT security strategies, plans, and implementation roadmap.

  • Plans, directs and coordinates information security policies, procedures, standards, guidelines, and controls to ensure that all information systems are functional, secure and compliant with privacy laws and regulations.

  • Ensures the 24x7 monitoring of access to all systems and maintenance of access control profiles on computer networks and systems; ensures the monitoring of threats and takes preventive measures to mitigate impact of known and unknown threats; designs and executes penetration tests and security audits.

  • Oversees identity and access management; ensures documentation of access authorizations is maintained for all applicable resources; develops and maintains appropriate segregation of duties within and across applications.

  • Oversees data lifecycle management; ensures prevention of data loss is maintained for all critical/sensitive assets; develops and maintains a data classification program that properly classifies all assets as to sensitivity and criticality.

  • Ensures the installation, modification, enhancement, and maintenance of system security software.

  • Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities; develops and maintains the Incident Management Plan and escalates possible incidents to the Security Incident Response Team; serves as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning.

  • Maintains a current understanding of the threat landscape for the industry; liaises with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and advancing threat landscape.

  • Ensures compliance with changing laws and applicable regulations. Directs member and employee data security awareness and education; ensures cyber security policies and procedures are communicated to all employees.

  • Oversees and coordinates all regulatory examinations and audits. Remediates all findings or coordinates organizational risk acceptance. Regularly interfaces with regulatory/audit personnel to ensure delivery of all required documentation/artifacts.

  • Reviews/prepares security program status, industry trends and risk report presentations for Senior Management, Supervisory Committee, and the Board of Directors. Presents these reports to the Board of Directors on a semi-annual basis.

  • Reviews and prepares security program status, industry trends and risk report presentations for the Information Security Steering Committee. Chairs the committee meetings on a semi-annual basis and conducts on-demand voting committee member (CEO, COO, , CIO and SVP ERM) meetings as needed to review residual risk acceptance.

  • Develops annual objectives and budgets; builds, leads and inspires a highly skilled and diverse department to accomplish approved objectives within the approved budgets; fosters a culture of trusted cross-functional partnership, service, collaboration and continuous improvement.

  • Partners and aligns with Product, Engineering, Networking, Infrastructure & Operations, and other key departments to reinforce product security and to drive and automate secure development practices, while maintaining business needs and mutually agreeable timelines.

  • Performs Business Resumption planning for assigned departments and validates the adequacy of the plans.

  • Evaluates, selects, and approves vendors to maintain the quality of member services; manages vendor relationships to ensure achievement of department goals and maximum benefit for the credit union and its members.

  • Holds staff meetings with assigned personnel to discuss areas needing improvement, member survey results and corrective action, changes in policies and procedures, new developments or services and to present general information.

  • Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.



QUALIFICATIONS (Education, Experience, Knowledge, Skills & Ability):



  • Must have a Bachelor's degree in Business, Information Technology Management or related disciplines with 10 or more years of IT management experience. Other complementary management/business unit experience preferred (fraud, enterprise risk management, compliance, enterprise governance).

  • Must have recognized Information Security Certifications (e.g., CISSP, CISA, CISM, or CRISC).

  • 7 or more years of directly related information security leadership experience.

  • 5 or more years of experience interacting with Senior Management, Supervisory Committees and/or Board of Directors.

  • Proficiency using MS Office products such as Excel, Word, PowerPoint, Outlook and Symitar.

  • Master's degree in Business or Technology and experience in a financial institution preferred.


Must also demonstrate conduct consistent with our Corporate Values:



  • Practice open Communication with all levels;

  • Be Accountable by taking ownership of customer issues and responsibility for one’s actions;

  • Foster Teamwork by cooperating and collaborating with other employees;

  • Seek ways to make the workplace Fun for oneself & others;

  • Conduct oneself with Integrity by being honest, trustworthy and ethical in all work activities and interactions;

  • Work with a Service Orientation by having a genuine concern for the needs of one’s customers and by being friendly, professional and following through on commitments; and

  • Demonstrate Humility in all interactions and remember to leave one’s ego at the door when one arrives to work. 


Logix Federal Credit Union is an equal opportunity employer that does not discriminate in employment opportunities or practices on the basis of race, religion, color, sex, sexual orientation, gender identity, national origin, protected veteran or disability status, or any other status protected by law.

