Manager Information Security - Military veterans preferred

The Manager Information Security responsible for overseeing the Information Security program, Vendor Management program, and the administration of the Business Continuity Plan at WEOKIE Federal Credit Union. Responsibilities include but are not limited to developing and maintaining the information security framework, monitoring and managing vendor risk, and maintaining, enhancing, and testing the Business Continuity Plan.

1. Develops, maintains, and reviews appropriate information security policies and procedures needed to maintain the integrity of the information security program.
2. Conducts threat focused business impact analysis to maintain an inventory of business impacting cyber threats.
3. Organizes and conducts cybersecurity simulation exercises.
4. Acts as the IT Security, Business Continuity, and Vendor Management central point of contact for the annual NCUA exam and IT Controls Audit.
5. Ensures proper policies, procedures, risk mitigation activities, and operation controls are followed. Reports gaps in policies, procedures, and operating controls to leadership to ensure member impact and risk is mitigated.
6. Responsible for performing information security risk assessments on a scheduled basis that focus on ensuring policies and procedures are consistently applied. 
7. Attends/makes presentations to the WEOKIE Board of Directors and various Board Committees as assigned. 
8. Assist with development of company wide information security training materials for computer-based training modules and build company wide information security awareness materials.
9. Support technology/systems that enable all vendor management activities by administering the Tandem platform.
10. Responsible for vendor risk assessment and execution of other vendor management activities as needed. This includes administration, processing risk acceptance documentation, and maintaining the schedule of vendor management activities.
11. Maintain, develop, update, and test WEOKIE’s Business Continuity Plan. 
12. Write reports to summarize testing activities, including results and recommendations.
13. Act as Business Continuity Coordinator in the event of an incident, to ensure that WEOKIE’s Business Continuity Plan is implemented.

1. WEOKIE’s information security program is a core part of its culture and is integrated into all of its lines of business, support functions and third-party management programs.
2. Information Security risks and threats are clearly identified, measured and remediated timely.
3. The Board of Directors and Senior Management receive timely and credible reporting and recommendations that lead to effective decision-making in both strategic and tactical contexts.
4. Members and credit union information security assets are protected from unauthorized access and when necessary, reacts timely and effectively to manage incidents or vulnerabilities.
5. WEOKIE receives favorable results from key reviews, audits, and exams from audit and exam sources.
6. WEOKIE’s information security program is seen as independent from the IT line of business and also seen as supportive and collaborative to all stakeholders.
7. Risk assessments are completed annually and deficiency are quickly addressed and/or remediated.
8. Security incidents are properly documented, tracked, and escalated in a timely fashion when deficiencies are presented.
9. New quality control activities are developed and presented to leadership that correspond to the information security program.
10. Vendor Management risk assessments, reporting results, and conclusions are thoroughly documented, completed timely and accurately.
11. Vendor Management is collaboratively managed with fellow team members.
12. Vendor Management risks are controlled and mitigated by adhering to all applicable policies and procedures.
13. WEOKIE’s Business Continuity Plan is up-to-date, regularly tested, thoroughly communicated, and ready for immediate implementation in the event of an incident.

1. Specialized or Technical Knowledge and Skills: The Manager Information Security is a data security professional skilled at managing IT security activities in a complex, multi-system/multi-vendor computing environment. A strong, practical working knowledge of information security concepts and technical architecture are necessary along with an ability to take technical concepts and translate them into business impact.
   1. A bachelor’s degree is required, preferably in Information Technology or Computer Science.
   2. A minimum of three years of experience in the information security field.
   3. A Certified Information System Security Professional (CISSP) certification is required; additional certifications such as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) are preferred.
   4. Demonstrated experience in managing and working with third party vendors.
   5. Demonstrated ability to research and implement innovative solutions that have improved security, operational efficiency, quality, and service levels.
   6. In-depth understanding of the financial services or highly regulated business, and the applications systems and technical infrastructures needed to support them.

B.  Behavioral Competencies: Behavioral competencies are the skills and personal characteristics that an individual should possess in order to be successful in this position.

1. Core Competencies: Core competencies are consistent for all positions across the organization and are aligned with WEOKIE’s core values.
2. Member Focus (internal and external): Builds member confidence, is committed to increasing member satisfaction, sets achievable member expectations, assumes responsibility for solving member problems, ensures commitments to members are met, solicits opinions and ideas from members, responds to internal members.  
3.    Dependability:  Meets commitments, works independently, accepts accountability, handles change, sets personal standards, stays focused under pressure, and meets attendance/punctuality requirements.
4.    Integrity/Ethics:  Deals with others in a straightforward and honest manner, is accountable for actions, maintains confidentiality, supports company values, conveys good news and bad.
5. Job Specific Competencies: The position requires a wellrounded and levelheaded individual who is able to maintain composure in a variety of situations. The following stand out among a long list of behavioral competencies for this position:
   1. Managing Vision and Purpose:  Communicates a compelling and inspired vison of core purpose; talks beyond today; talks about possibilities, is optimistic, creates mileposts and symbol to rally support behind the vision; make the vision sharable by everyone; can inspire and motivate entire units or organizations.
   2. Strategic Agility:  Sees ahead clearly, can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately pain credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
   3. Oriented Towards Serving Others:  Is predisposed to servant leadership and excited towards improving conditions for others.
   4. Command Skills: Relishes leading; takes unpopular stands if necessary; encourages direct and tough debate but isn’t afraid to end it and move on; is looked to for direction in a crisis; faces adversity head on; energized by tough challenges.
   5. Intellectual Horsepower: Is bright and intelligent; deals with concepts and complexity comfortably; described as intellectually sharp, capable, and agile.
   6. Innovation Management: Is good at brining the creative ideas of others to market; has good judgement about which creative ideas and suggestions will work; has a sense about managing the creative process of others; can facilitate effective brainstorming; can project how potential ideas may play out in the marketplace.  
   7. Composure:   Is cool under pressure; does not become defensive or irritated when times are tough; is considered mature; can be counted on to hold things together during tough times; can handle stress; is not knocked off balance by the unexpected; doesn’t show frustration when resisted or blocked; is a settling influence in a crisis.
   8. Political Savvy: Can maneuver through complex political situations effectively and quietly; is sensitive to how people and organizations function; anticipates where the land mines are and plans his/her approach accordingly; views corporate politics as a necessary part of organizational life and work to adjust to that reality.

C.  Physical Demands:  The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and talk or hear. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include color vision, peripheral vision, depth perception and ability to adjust focus.

D.  Work Environment:  The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The worker is not substantially exposed to adverse environmental conditions. The noise level in the work environment is usually moderate.

WEOKIE does not and shall not discriminate on the basis of Protected Status, marital status, and political belief or any other status or condition protected by applicable federal and/or state law.  Bona fide occupational qualifications will be applied impartially. These activities include, but are not limited to, hiring of staff, selection of volunteers and vendors, and provision of services. We are committed to providing an inclusive and welcoming environment for all our members, our staff, clients, volunteers, subcontractors, vendors, and clients.