Pay Classification: Exempt (Salary)
NMLS Required: No
Work Type: Variable
The Manager, Information Security is responsible for implementing and executing WPCU’s Information Security program and strategies under the leadership of the VP, Information Security. This role will collaborate with all lines of business through projects, risk assessments, controls, and control effectiveness reviews. The manager will oversee tools utilized by the Information Security team to provide feedback on vendors and will be responsible for collaboration with various business units during a data incident to ensure incidents are properly documented and evidence is collected. This role will be expected to provide thought leadership to ensure the efficiency and effectiveness of the Information Security team.
The major activities for this position include:
1) Information Security Operations (40%)
a) Develop and oversee control effectiveness reviews to ensure all activities align in scope and frequency with information security policies and approved information security frameworks.
b) Develop and oversee information security’s involvement with vendor due diligence processes.
c) Develop and oversee Identity Access Governance processes to ensure alignment with the principle of least privilege access.
d) Develop and oversee information security related risk assessments. Develop and oversee processes to rate criticality of applications and controls to ensure risk assessments are aligned.
e) Ensure all assessments are completed in a timely manner including developing appropriate cross training plans to schedule impacts.
f) Develop and oversee reporting related to all assessments to ensure risk levels are appropriately assigned and management responses are captured.
g) Ensure identified gaps from information security assessments are appropriately tracked. Coordinate with various business units to collect timely updates.
2) Personnel Management & Procedures (20%)
a) Mentor assigned partners by administering individual development plans, making recommendations for promotions, or implementing coaching plans. This includes performing regular 1-on-1s with partners and completing annual reviews.
b) Ensure departmental procedures are effective, up-to-date, and follow company standards.
3) Project Management (20%)
a) Participate in project planning events to provide estimated work effort for projects including proactive escalation of resource constraints to the VP of Information Security.
b) Assist in fostering an enterprise-wide security-first culture by participating in project requirement gathering project owners of applicable controls, audit findings, or control effectiveness gaps that are appropriate for the project.
c) Attend ongoing project meetings to advise and ensure information security controls are addressed.
4) Incident Management (10%)
a) Role will be responsible for ensuring data incidents are tracked, properly documented, and evidence has been collected.
b) Provide regular status updates to the VP of Information Security on open data incidents.
5) Audit and Regulatory Exam Support (10%)
a) Assist the Vice President of Information Security with internal and external audits to ensure document collections are completed in a timely manner and properly vetted.
b) Serve as subject matter expert during internal and external audits related to activities completed by Information Security.
c) Ensure assigned business units are operating efficiently and reliably, are in compliance with applicable laws, regulations, and rules, have appropriate operating controls to mitigate risk, and are performing at a high level.
Required Skills
This leader in information security must be skilled at developing and leading strategic Information Security programs across the enterprise in a complex, multi-system and multi-vendor environment. Strong, practical knowledge of Information Security concepts and technical architecture are knowledge of risk and information security frameworks are essential.
1) A bachelor’s degree is required, preferably in Information Technology, Information Security, or a related field. A master’s degree in a related discipline is preferred.
2) At least 7+ years of experience in Information Technology or Information Security is required, with at least 3+ years of experience in a leadership experience with developing mapping controls to business processes, building control effectiveness reviews, or building risk ratings to allow business units to identify priorities is preferred.
3) A Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification is required.
4) Demonstrate experience in evaluating vendor due diligence and vendor risk assessment processes.
5) Demonstrate experience in Identity Access Management including how to perform user access and rights reviews to align with least privilege access.
6) Demonstrate experience with developing and implementing a risk assessment process that is collaborative with business units and documents risk in accordance with board approved risk appetite.
7) Demonstrate strong leadership skills including the ability to work collaboratively and manage a remote workforce.
8) Demonstrate ability to drive and manage initiatives that increase operational efficiency, enhance quality, and improve / maintain service levels.
Information Security Manager • Beavercreek, OH