What are the responsibilities and job description for the Director of Information Security position at Orion Financial?
POSITION PURPOSE
The Director of Information Security leads the cyber security team in protecting company hardware, software, and network systems from cyber-attacks. The Director of Information Security works to understand company IT infrastructure in detail to continually monitor and evaluate threats as well as make recommendations and implement new procedures and tools to increase security capability. The Director of Information Security ensures proactive compliance of IT security systems, processes and controls with credit union information security program, security policies and regulatory compliance guidelines, and continuously looks for ways to enhance company network security and protect sensitive information.
Essential Functions And Basic Duties
EDUCATION/CERTIFICATION: Bachelor’s degree in Computer Science, Management Information Systems or closely related subject required. Advanced degree preferred. Security , CEH, CySA , CISM, CISA, CISSP certification preferred.
REQUIRED KNOWLEDGE: Documentable knowledge of Cyber Incident Response, IDS/IPS, SIEM, PAM, Patch Management, Vulnerability and Risk Management, Data Classification Management and Threat Detection and Management.
EXPERIENCE REQUIRED: Five (5) years of experience as a Cybersecurity Manager, Information Security Manager, CISO, or similar role
Skills/Abilities
Ability to communicate effectively with technical and non-technical Stakeholders, including senior management.
Very strong analytical & problem-solving skills,
Strong written and oral communication skills with an understanding that group presentations on created work is required for knowledge transfer, incident and problem management systems & procedures.
Ability to drive consistent and repeatable results.
Self-starter, dependable partner, as well as team player.
Successful candidates must pass pre-employment credit checks, background checks, and drug screens.
Orion Financial is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, national origin or any other federal or state protected class. We maintain a drug-free workplace and perform pre-employment substance abuse testing. If you are unable to complete this application due to a disability, contact us to ask for an accommodation or an alternative application process.
The Director of Information Security leads the cyber security team in protecting company hardware, software, and network systems from cyber-attacks. The Director of Information Security works to understand company IT infrastructure in detail to continually monitor and evaluate threats as well as make recommendations and implement new procedures and tools to increase security capability. The Director of Information Security ensures proactive compliance of IT security systems, processes and controls with credit union information security program, security policies and regulatory compliance guidelines, and continuously looks for ways to enhance company network security and protect sensitive information.
Essential Functions And Basic Duties
- Analyze information databases and applications for potential security risks.
- Monitor security system to identify new threats or needs for updates.
- Develop or enhance training for employees in security awareness and new procedures.
- Provide updates to the NCUA for regulatory compliance including notifications on any security incidents.
- Provide updates to the Board of Directors and executive leadership on any security incidents as directed by the CIO or stated in Orion policies and procedures.
- Work with CIO and technology leadership to develop new or enhance current security procedures to reduce or eliminate potential threats.
- Work with CIO and technology leadership to oversee implementation of new policies and procedures.
- Work with the Director of IT – Networking & Operations to improve the efficiency, effectiveness, reliability, and security of the on-premises and cloud computing infrastructure of Orion systems.
- Work with organization leaders on updates to business continuity planning and regular testing of continuity plans.
- Lead in performing regular audits with third parties, including audit firms as well as regulatory agencies.
- Work with Facilities team to implement new or enhanced physical security systems and procedures related to information security and protection of Orion technology assets.
- Responsible for the configuration of tools including but not limited to: Virus Software, password protections software, vulnerability management software, activity log management, honeypots and privilege access management.
- Conduct SOC 2 review of third-party IT security controls.
- Work with Third Party Security Operations Center for reporting, trends and incident response.
- Responsible for reporting which evaluates detection, firewall, and traffic log data to identify activities including but not limited to: policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.
- Conduct network forensics as required as a result of any cyber breach.
- Champion all IT security best practices in all layers.
- Analyze daily incident reporting trends from IDS/IPS and SIEM logs.
- Research trends, news and threats in cyber space and recommend best practices to secure credit union data.
- Conduct ongoing tests of all company networks to determine weaknesses.
- Facilitate ongoing phishing testing and training of staff.
- Work with Microsoft Engineer on AD security hardening.
- Drive and facilitate Cyber Incident Response Policy including contingency plans.
- Drive and facilitate Data Classification Policy.
- Facilitate penetration testing, risk assessments, vulnerability and threat assessments of networks and systems. Ensure timely remediation and tracking of all findings.
EDUCATION/CERTIFICATION: Bachelor’s degree in Computer Science, Management Information Systems or closely related subject required. Advanced degree preferred. Security , CEH, CySA , CISM, CISA, CISSP certification preferred.
REQUIRED KNOWLEDGE: Documentable knowledge of Cyber Incident Response, IDS/IPS, SIEM, PAM, Patch Management, Vulnerability and Risk Management, Data Classification Management and Threat Detection and Management.
EXPERIENCE REQUIRED: Five (5) years of experience as a Cybersecurity Manager, Information Security Manager, CISO, or similar role
Skills/Abilities
Ability to communicate effectively with technical and non-technical Stakeholders, including senior management.
Very strong analytical & problem-solving skills,
Strong written and oral communication skills with an understanding that group presentations on created work is required for knowledge transfer, incident and problem management systems & procedures.
Ability to drive consistent and repeatable results.
Self-starter, dependable partner, as well as team player.
Successful candidates must pass pre-employment credit checks, background checks, and drug screens.
Orion Financial is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, national origin or any other federal or state protected class. We maintain a drug-free workplace and perform pre-employment substance abuse testing. If you are unable to complete this application due to a disability, contact us to ask for an accommodation or an alternative application process.