Information Security Manager

Job DescriptionJob Description

Our associates enjoy a one-of-a-kind culture with a rich benefits package that includes:

• Generous paid time off: 10 paid holidays, 2 floating holidays, 6 personal days, 10 vacation days, plus sick time
• Low-cost Medical, Dental & Vision plans – as low as $5 per pay period
• Paid childcare assistance (up to $96 per pay period)
• Award-winning 401(k) 5% discretionary match - fully vested from day 1
• 100% Gym reimbursement up to $75/month
• 100% Tuition Reimbursement Up to $5,250
• $1200/yr student loan repayment
• Hybrid remote schedule
• Target hiring range $105K - $131K (Depending on experience and prior to any incentives this position is eligible for)

This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027

Our ideal candidate

The Information Security Manager is responsible for implementing, maintaining and enhancing the organization's information security strategy and program. This role will be responsible for overseeing the day-to-day security operations, ensuring compliance with regulatory requirements, and protecting the credit union's information assets. The Information Security Manager will work closely with the CISO and cross-functional teams to assess, manage, and mitigate security risks.

A typical day might include the following

• Carry out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsible for interviewing, hiring, and training associates; planning, assigning, and directing work; managing performance; rewarding and coaching associates; addressing complaints and resolving problems.
• Conduct regular risk assessments and vulnerability analyses to identify potential threats to information assets. Develop and implement risk mitigation strategies.
• Lead the incident response team in managing and mitigating security incidents. Develop and maintain incident response plans and conduct post-incident reviews.
• Manage and mentor information security team, fostering a culture of security awareness and continuous improvement.
• Develop and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture.
• Work closely with IT and compliance teams to ensure the integration of security measures into all business processes and technology solutions.
• Establish and maintain security monitoring tools and processes. Prepare regular reports for executive management on security metrics, incidents, and compliance status.
• Establish, update, and enforce information security policies and procedures to comply with industry regulations such as GLBA, PCI-DSS, and other relevant standards.
• Manage security policies and standards organization-wide to ensure the protection of corporate data against unauthorized use, access, modification, disclosure and deliberate or inadvertent destruction.
• Assist in audits and regulatory examinations, providing documentation and security evidence as required.
• Review penetration testing and security results for external and internal auditors. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
• Assist the VP CISO in coordinating and managing the integration of information security objectives with organizational projects and goals.
• Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels.
• Monitor network for security violations. Respond to incidents of intrusion and penetration immediately. Investigate security breaches, including full documentation of events and effective retention of evidence.
• Works closely with the Vendor Management team in all aspects of Information Security vendor assessments, System and Organization Controls (SOC) reviews, and escalating issues associated with vendors, as needed.

This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.

Education

• High School Diploma Required
• Bachelor's Degree Information Security, Computer Science, or a related field required.
• Master's Degree Information Security, Computer Science, or a related field .

Experience

• 5 to 8 years of similar or related experience Information Security field Required
• 3 to 5 years of similar or related experience in the financial services industry, specifically with credit unions or banking institutions.
• 3 to 5 years of similar or related experience leading a security operations team

Knowledge, Skills and Abilities

• Proficient in security technologies such as firewalls, intrusion detection/prevention systems, and encryption methods.
• Familiarity with cloud security and network security protocols is essential.
• In-depth understanding of financial regulations and security frameworks (e.g., GLBA, PCI-DSS, NIST)
• Exceptional verbal and written communication skills, with the ability to explain complex security concepts to diverse audiences.
• Strong analytical and problem-solving abilities, with a focus on detail and accuracy.

Licenses and Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Comptia Security+

Why join the OneAZ team?

Our culture is one-of-a-kind You’ll be joining a team of friendly, hardworking, helpful associates with the same mission guiding all that we do: We exist to improve the lives of our members, our associates and the communities we serve.

We are proud to be an equal opportunity employer and value . We do not discriminate on the basis of , , , creed, origin or ancestry, (including ), , physical or mental , veteran or military status, genetic information, , , or any other legally recognized protected basis under federal, state, or local law.

We offer robust benefits including low-cost medical, dental and vision plans, gym reimbursement, paid parental leave, generous personal days and vacation time, and an award-winning 401(k) program among many others. Take a look at our career page for detailed benefit information: www.oneazcu.com/about/careers

Additional Notes:

Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws.

All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws.

Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC).

Any individual who meets the definition of a mortgage loan originator and is employed by a federal agency-regulated institution will need to be registered on NMLS.