AVP Information Security

Description Note: All full-time positions include the option of $0 out-of-pocket premium cost for Employee Only PPO AND exceptionally low premiums for all other PPO coverage levels. :: HOURS FOR POSITION: Monday- Friday 7:00am-3:30pm Hiring Range - $167,566.00 to $251,349.00 (Salary) The AVP Information Security plays a critical leadership role in safeguarding the assets, member data, and information systems of Tower Federal Credit Union. This role is responsible for developing and implementing Tower’s information security strategy in alignment with industry standards, regulatory requirements, and emerging threats. The AVP will oversee a team of security professionals, ensuring a robust security posture through policy and standards development, risk management, security operations, and incident response. The AVP reports directly to the VP/Director Information Security. Principal Accountabilities and Functions Develop and drive the information security strategy, policies, standards, and procedures to ensure effective data protection and compliance with regulatory standards. Collaborate with senior leadership to align information security goals with organizational objectives. Mentor, coach, and manage a team of information security professionals to build a high-performance security team. Lead the technology and security risk management program, identifying, assessing, and mitigating information security risks. Ensure compliance with applicable legal, regulatory, and internal security standards including NCUA, FFIEC, and other relevant financial regulations Develop, implement, and maintain an information security risk assessment program to ensure security controls are appropriate and effective. Oversee the day-to-day security operations, including monitoring, threat detection, and incident response. Implement advanced detection and prevention technologies, including SIEM, EDR, IPS/IDS, and other security tools. Manage internal vulnerability management and third-party security assessment programs, ensuring timely remediation of findings. Lead the incident response program, ensuring rapid containment, investigation, and recovery from security incidents. Conduct regular incident response exercises, including tabletop and live simulations, to improve team readiness and response capabilities. Develop and authorizes the implementation of necessary security policies, standards, procedures, and guidelines based on industry best practices that comply with federal and state laws and industry regulations. Conduct security awareness training programs to promote a security-aware culture throughout the organization. Provide regular reports and security metrics to the Information Security Governance Committee (ISGC), IT Steering Committee (ITSC), and Technology Advisory Group (TAG). Partner with ITS and business units to integrate security requirements into all phases of project development and system implementation. Develop and manage the department and project budgets, ensuring resource allocation aligns with strategic security goals and organizational priorities. Required Qualifications Bachelors degree in Information Security, Computer Science or a related field with seven years relevant work experience desired. Without a degree at least 10 years directly applicable relevant leadership and work experience. Professional-level industry certification (i.e. CISSP, CISM, etc.) desired. Minimum of 10 years of experience in information security, with at least 5 years of supervisory or leadership experience. Strong understanding of security frameworks (i.e. CIS, NIST, etc.) and regulatory requirements applicable to credit unions and financial institutions. Or an equivalent combination of education and experience Extensive experience with security technologies, such as firewalls, IDS/IPS, SIEM, data protection and endpoint security tools. Demonstrated ability to lead and develop a team of security professionals. Credit union or financial services experience preferred. Knowledge, Skills and Abilities Advanced knowledge of NCUA, FFIEC, GLBA, CIS Critical Security Controls, PCI DSS, MITRE ATT&CK, NIST, and other information security frameworks. Strong analytical and problem-solving skills with a focus on balancing security needs with business priorities. Excellent communication skills, capable of presenting complex security topics to senior leadership and board members. Proven experience in risk management, incident response, and policy development. Ability to work collaboratively across departments and influence stakeholders at all levels. Significant experience performing risk assessments. Strong knowledge of security strategies related to systems, networking, and application infrastructure. Ability to create and maintain strategy documents related to the overall information security environment. Advanced knowledge of NCUA, FFIEC, GLBA, CIS Critical Security Controls, PCI DSS, MITRE ATT&CK, NIST, and other information security frameworks. Strong analytical and problem-solving skills with a focus on balancing security needs with business priorities. Excellent communication skills, capable of presenting complex security topics to senior leadership and board members. Proven experience in risk management, incident response, and policy development. Ability to work collaboratively across departments and influence stakeholders at all levels. Significant experience performing risk assessments. Strong knowledge of security strategies related to systems, networking, and application infrastructure. Ability to create and maintain strategy documents related to the overall information security environment. Advanced knowledge of NCUA, FFIEC, GLBA, CIS Critical Security Controls, PCI DSS, MITRE ATT&CK, NIST, and other information security frameworks. Strong analytical and problem-solving skills with a focus on balancing security needs with business priorities. Ability to successfully manage multiple, concurrent complex projects. Ability to develop action plans and organize workload to accommodate competing deadlines. Ability to maintain extremely sensitive and confidential information. Ability to interact effectively and professionally with colleagues and supervisors. Ability to give effective and constructive feedback to others. Ability to effectively coordinate and/or lead work teams activities and pro-actively manages the work output for quantity and quality across departmental lines Has knowledge of and adheres to credit union policies and procedures and all regulations related to the bank Secrecy Act, the USA Patriot Act and OFAC. Working Conditions Ability to work the hours needed which may extend beyond the defined work schedule when operating conditions dictate. Ability to lift up to 15 lbs, with or without assistance, in compliance with ADA. Recurring evening and weekend work to meet deadlines; ability to respond to needs on an ad hoc and scheduled basis. Dexterity of hands and fingers to operate a computer keyboard, mouse, and to handle other computer components. Lifting from floor as well as table height and transporting of moderately heavy (up to 50 lbs) objects, such as computers and peripherals. Ability to travel independently to all TFCU facilities and designated sponsor locations as needed.