VP Information Security

VP Information Security Opportunity at Stanford Federal Credit Union

We’re on a mission to improve financial lives If you’re a high-energy, compassionate, and collaborative individual yearning to make a difference, we are looking for individuals like you to join our team Members really do come first at Stanford FCU because we are not-for-profit and owned by our members. Many of our members work for Stanford University or some of the most innovative companies in Silicon Valley—and we provide them with the most generous financial benefits in our industry.

Stanford FCU is a $4 billion company with a global reach—88,000 members in 90 countries and growing Contact us to see what it’s like to work for one of the Bay Area’s Top Workplaces. As our CEO says, “we work hard, and we play hard”, and we need your help to improve even more financial lives

Who YOU are:

• 10 years of experience in a combination of risk management, information security, and IT jobs (experience in a larger financial institution environment preferred)
• Bachelor’s degree (or advanced degree) in the field of information technology, finance, business, or technical discipline preferred (an equivalent combination of education and experience from which comparable knowledge and skills may be acquired is also acceptable).
• CISSP, CISM, CRISC, CISA certifications preferred.
• In-depth understanding of Information Security, Business Continuity Planning, Disaster Recovery Planning, Risk Assessments, Identity & Access Management, Change/Configuration Management, Governance, Problem/Incident Management, Awareness & Training Programs. Working knowledge of IT frameworks such as NIST, COBIT and ITIL.
• Knowledge of FFIEC guidelines, GLBA, CCPA, California S.B. 1386, PCI DSS, and other laws and regulations relevant to financial services – and the ability and knowledgeability to research and understand new rules, pronouncements, and regulations.
• Strong understanding of security practices and methodologies, security controls, vulnerability management, penetration testing, and architecture including the use of firewalls, intrusion detection/prevention, encryption, authentication, and other aspects of defense-in-depth.
• Top notch management and team mentorship skills
• Ability to thrive in a fast-paced environment and prioritize competing priorities, projects and people.
• Extremely deadline oriented
• Strong verbal/written skills and the ability to effectively interface with internal business clients, operations teams, technical engineering teams, internal audit, regulators, senior management, and board members.

What YOU’LL do:

• As the Information Security Officer, lead the Credit Union’s Information Security Program and provide oversight of technology risk management functions (information security, business continuity and disaster recovery planning, vendor management, change management, IT risk assessments, IT audits and examinations, IT regulatory compliance, IT policies and procedures, documentation).
• Provide strategic vision and lead a team of analysts responsible for managing IT risk across the organization.
• Develop and establish operating policies and procedures which are adequate and appropriate to support the needs of the business while ensuring regulatory compliance.
• Ensure the adequacy of security measures to protect the Credit Union’s information systems to meet business needs and satisfy regulatory requirements and guidelines.
• Identify areas of risk concentration, root causes, and viable remediation options and supports business partners in making appropriate risk decisions.
• Serve on planning and policy-making committees. Stay abreast of new developments in information systems technology and anticipate organizational modifications.
• Evaluate significant new applications to determine the adequacy of controls and recommend necessary changes/enhancements. Identify controls and evaluate the strength of each control to each risk factor. Monitor the movement of information to ensure the Credit Union’s data leak prevention (DLP) goals are being met.
• Prepare monthly/quarterly/annual reports for Management, the Board of Directors and their various sub-committees.
• Oversee the Credit Union’s Vendor Management Program. Provide policy and guidance on information security criteria, assess vendor risk and make recommendations when solutions are not in alignment with Credit Union policies.
• Ensure the Credit Union’s systems and network are not compromised. This includes responsibility for the intrusion detection/prevention systems for both network and host-based applications. Oversee anti-virus, anti-malware, anti-phishing prevention and detection effectiveness. Protect the Credit Union against insider threats.
• Implement an effective security awareness and training program for employees and members to combat social engineering, phishing, business email compromise, etc.
• Lead the response to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
• Consistently partner with colleagues and other departments on projects and initiatives to ensure that the information security team is apprised of changes and that the Credit Union’s projects incorporate information security requirements from the ground up.
• Create a culture whereby costs are controlled, transactions are secure, segregation of duties is followed, and efficiency is maximized while quality is not sacrificed.
• Consistently deliver new efficiencies, reporting outputs, and innovative solutions for the team.
• Develop and maintain information security policies and procedures to stay in compliance with both legal requirements and technical developments. Provide audit response management and ongoing guidance on solutions to achieve and maintain security compliance. Mitigate information security risks and correct compliance exposures and gaps.
• Ensure the culture and morale of your team is positive, open, and honest

Some of our benefits for YOU:

• 100% paid employee medical, dental, vision, life/AD&D and short-term disability insurance for the employee; 50% paid for dependents.
• Annual Incentive up to 20% of your salary (based on position)
• Employer 401(k) matching up to 5% plus additional annual discretionary contributions
• Education reimbursement up to $5,200/year
• Up to $500 per year in health/fitness benefits
• Employee recognition program with cash incentives
• Commute benefits up to $900 per year.
• Paid Sick Time accrues at two weeks per year.
• Paid Vacation Time accrues at three weeks per year.
• Paid Federal banking holidays (approximately 10 per year)
• Ongoing training and education, seminars, and conferences
• Loan rate discounts on some products (vehicle, mortgage and HELOC loans)
• Waived fees and deposit bonuses on Stanford FCU accounts
• Flex health/transit plan availability
• Employee Assistance Program with free benefits like counseling, help finding legal assistance and day care resources

Stanford Federal Credit Union provides pay ranges representing its good faith estimate of what the Credit Union reasonably expects to pay for a position. The pay offered to a selected candidate will be determined based on factors such as (but not limited to) the scope and responsibilities of the position, the qualifications of the selected candidate, departmental budget availability, internal equity, geographic location, and external market pay for comparable jobs.

If you are ready for this awesome opportunity (or know somebody who is) please contact us today

Please Note: SFCU does not provide work visa sponsorship or accept visa transfers for any positions. Applicants that require work visa sponsorship or transfer will not be considered for employment. SFCU does not provide any relocation benefits for any positions.

Stanford Federal Credit Union is committed to equal employment opportunities, and a workplace that embraces diversity and inclusion for qualified individuals of all backgrounds.