What are the responsibilities and job description for the Information Security Operations Manager position at Utah Community Credit Union (UCCU)?
Job Details
Description
Responsible for implementing and managing operational cybersecurity controls, including identity and access management, change control, and vulnerability management. Accountable for maintaining secure configurations, enforcing least privilege, and ensuring compliance with security policies and frameworks. Collaborates with governance, architecture, and other teams for policy alignment and operational feasibility. Consulted on risk management, third-party coordination, and strategic security initiatives.
Essential Functions And Basic Duties
EDUCATION/CERTIFICATION: Bachelor’s degree in Cybersecurity or related field or equivalent experience.
CISSP, GIAC, Security , CEH
REQUIRED KNOWLEDGE: Knowledge or NIST CSF 2.0 or other cybersecurity frameworks.
Understanding of network security, identity and access management, vulnerability management, and SEIM and incident response processes.
Understanding of financial institution risk and operations.
Familiarity with regulatory and compliance requirements.
EXPERIENCE REQUIRED: Minimum three years of experience in cybersecurity operation, penetration testing, or a related field.
Hands-on experience with SIEM tools, endpoint protection, and intrusion detection/prevention systems.
Proven track record in incident response and threat analysis.
Working knowledge of the framework policy and regulatory environment of information security, especially in financial services.
A demonstrated ability to work collaboratively with a broad range of constituencies essential.
SKILLS/ABILITIES: Strong problem-solving and critical-thinking skills.
Good interpersonal and supervisory skills.
Solid technical expertise skills.
Excellent communication and collaboration abilities for cross-functional coordination.
Ability to manage multiple priorities in a fast-paced environment.
Physical Activities And Requirements Of This Position
TALKING: Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.
AVERAGE HEARING: Able to hear average or normal conversations and receive ordinary information.
REPETITIVE MOTION: Movements frequently and regularly required using the wrists, hands, and/or fingers.
AVERAGE VISUAL ABILITIES: Average, ordinary, visual acuity necessary to prepare or inspect documents or computer screen.
PHYSICAL STRENGTH: Sedentary work; sitting most of the time. Exerts up to 10 lbs. of force occasionally. (Almost all office jobs.)
WORKING CONDITIONS
NONE: No hazardous or significantly unpleasant conditions (such as in a typical office).
Mental Activities And Requirements Of This Position
REASONING ABILITY: Interpret and apply cybersecurity policies, standards, and regulatory requirements to operational practices.
Evaluate risk scenarios and prioritize remediation efforts based on business impact and threat severity.
Make sound decisions in ambiguous or rapidly changing situations with limited information.
Adapt problem-solving approaches to evolving technologies and threat landscapes.
MATHEMATICS ABILITY: Apply basic arithmetic and algebra to analyze security metrics and operational data.
Calculate risk scores, probability, and impact assessments for cybersecurity threats.
Interpret statistical data to identify trends, anomalies, and performance indicators.
Perform quantitative analysis for capacity planning, resource allocation, and system performance.
Use mathematical reasoning to validate encryption strength, hashing algorithms, and key management processes.
Understand and apply concepts of percentages, ratios, and averages for reporting and compliance metrics.
LANGUAGE ABILITY: Read, interpret, and apply technical documentation, security policies, and regulatory requirements.
Write clear and concise reports, incident summaries, and technical documentation for both technical and non-technical audiences.
Communicate effectively with internal teams, management, and external partners during normal operations and security incidents.
Present complex security concepts in a way that is understandable to stakeholders at all levels.
Respond promptly and professionally to inquiries, alerts, and incident notifications.
Collaborate across departments using strong verbal and written communication skills.
Intent And Function Of Job Descriptions
Job descriptions assist organizations in ensuring that the hiring process is fairly administered and that qualified employees are selected. They are also essential to an effective appraisal system and related promotion, transfer, layoff, and termination decisions. Well-constructed job descriptions are an integral part of any effective compensation system.
All descriptions have been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to each position, have been excluded. Requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions. In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate.
In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.
Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.
Description
Responsible for implementing and managing operational cybersecurity controls, including identity and access management, change control, and vulnerability management. Accountable for maintaining secure configurations, enforcing least privilege, and ensuring compliance with security policies and frameworks. Collaborates with governance, architecture, and other teams for policy alignment and operational feasibility. Consulted on risk management, third-party coordination, and strategic security initiatives.
Essential Functions And Basic Duties
- Implement and manage cybersecurity controls, including identity and access management, vulnerability management, and secure configurations.
- Assist with monitoring networks, systems, and user activity to detect and respond to potential cybersecurity threats.
- Participate in incident response and recovery plans, ensuring timely containment, mitigation, and communication.
- Perform vulnerability scanning, patch management, and remediation activities.
- Maintain configuration and change management processes to ensure compliance with security standards.
- Manage access controls, remote access, and enforce multi-factor authentication.
- Design and validate controls for data at rest and in transit, implement integrity checks, and enforce secure data disposal.
- Collaborate with governance, security architecture, and internal/external partners to align operations with organizational risk strategy.
- Continuously improve detection, protection, and response processes to address evolving threats.
- Ensure compliance with regulatory requirements, maintain audit logs, and provide security reporting to leadership.
- Works a regular and predictable schedule.
- Timely remediation of identified vulnerabilities based on severity
- Audit results showing compliance with internal policies, regulatory requirements, and frameworks
- Percentage of changes implemented following approved security and configuration management processes.
- Positive feedback from governance, architecture, and incident response teams on coordination and information sharing.
- Implementation of process enhancements and adoption of new security technologies or practices.
- Timely and accurate submission of security metrics, incident reports, and compliance documentation.
EDUCATION/CERTIFICATION: Bachelor’s degree in Cybersecurity or related field or equivalent experience.
CISSP, GIAC, Security , CEH
REQUIRED KNOWLEDGE: Knowledge or NIST CSF 2.0 or other cybersecurity frameworks.
Understanding of network security, identity and access management, vulnerability management, and SEIM and incident response processes.
Understanding of financial institution risk and operations.
Familiarity with regulatory and compliance requirements.
EXPERIENCE REQUIRED: Minimum three years of experience in cybersecurity operation, penetration testing, or a related field.
Hands-on experience with SIEM tools, endpoint protection, and intrusion detection/prevention systems.
Proven track record in incident response and threat analysis.
Working knowledge of the framework policy and regulatory environment of information security, especially in financial services.
A demonstrated ability to work collaboratively with a broad range of constituencies essential.
SKILLS/ABILITIES: Strong problem-solving and critical-thinking skills.
Good interpersonal and supervisory skills.
Solid technical expertise skills.
Excellent communication and collaboration abilities for cross-functional coordination.
Ability to manage multiple priorities in a fast-paced environment.
Physical Activities And Requirements Of This Position
TALKING: Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.
AVERAGE HEARING: Able to hear average or normal conversations and receive ordinary information.
REPETITIVE MOTION: Movements frequently and regularly required using the wrists, hands, and/or fingers.
AVERAGE VISUAL ABILITIES: Average, ordinary, visual acuity necessary to prepare or inspect documents or computer screen.
PHYSICAL STRENGTH: Sedentary work; sitting most of the time. Exerts up to 10 lbs. of force occasionally. (Almost all office jobs.)
WORKING CONDITIONS
NONE: No hazardous or significantly unpleasant conditions (such as in a typical office).
Mental Activities And Requirements Of This Position
REASONING ABILITY: Interpret and apply cybersecurity policies, standards, and regulatory requirements to operational practices.
Evaluate risk scenarios and prioritize remediation efforts based on business impact and threat severity.
Make sound decisions in ambiguous or rapidly changing situations with limited information.
Adapt problem-solving approaches to evolving technologies and threat landscapes.
MATHEMATICS ABILITY: Apply basic arithmetic and algebra to analyze security metrics and operational data.
Calculate risk scores, probability, and impact assessments for cybersecurity threats.
Interpret statistical data to identify trends, anomalies, and performance indicators.
Perform quantitative analysis for capacity planning, resource allocation, and system performance.
Use mathematical reasoning to validate encryption strength, hashing algorithms, and key management processes.
Understand and apply concepts of percentages, ratios, and averages for reporting and compliance metrics.
LANGUAGE ABILITY: Read, interpret, and apply technical documentation, security policies, and regulatory requirements.
Write clear and concise reports, incident summaries, and technical documentation for both technical and non-technical audiences.
Communicate effectively with internal teams, management, and external partners during normal operations and security incidents.
Present complex security concepts in a way that is understandable to stakeholders at all levels.
Respond promptly and professionally to inquiries, alerts, and incident notifications.
Collaborate across departments using strong verbal and written communication skills.
Intent And Function Of Job Descriptions
Job descriptions assist organizations in ensuring that the hiring process is fairly administered and that qualified employees are selected. They are also essential to an effective appraisal system and related promotion, transfer, layoff, and termination decisions. Well-constructed job descriptions are an integral part of any effective compensation system.
All descriptions have been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to each position, have been excluded. Requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions. In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate.
In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.
Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.