When joining Elevations, you can expect to work for a company that:
• Provides amazing experiences and creates raving fans.
• Strives to provide solutions for a better life and promises employees it will be the best place they have ever worked.
• Wins awards such as “Best Bank”, “Best Companies to Work for in Colorado” and even the “Malcolm Baldrige National Quality Award”, the only Presidential award for quality.
• Has a highly-engaged workforce and emphasizes career growth, empowerment and servant leadership.
What’s in it for you:
• Competitive pay, organization-wide incentive program, 401k matching, mortgage and auto discounts
• 4 weeks min. paid time off, work anniversary paid time off, 11 paid holidays, and 16hrs paid volunteer time off
• Medical, dental, and vision health plans with FSA or HSA options
• Onsite fitness center, Zumba and yoga classes, health fairs with biometrics screening and flu shots
• Employee Assistance Program with a variety of services
• Career development, trainings, career coaching, job shadowing, mentoring program, tuition reimbursement up to $5,000/year, and a recognition system
• Culture of excellence and continuous improvement
• We strive to be the best place you’ve ever worked!
Position Summary: The VP of Information Security is responsible for developing, maintaining, and overseeing ECU’s information security program, including the governance, management, and advising on or coordinating as appropriate, the information security efforts and strategic vision across the organization.
This position reports to the Chief Information Officer and will oversee the maintenance and enhancement of information security policies and procedures, leads security risk assessment efforts, and drives information security awareness and training programs. He or she also advises and collaborates on development of business continuity and disaster recovery plans, audit, vendor management, and regulatory compliance practices to identify and mitigate any information security-related risks that could create inappropriate exposure to the business or its members' data.
The candidate will work closely with the CIO, technology security partners, and business stakeholders to ensure the information security program follows industry best practices, adheres to all Federal and State laws and regulations governing and applicable to the Credit Union, including the Bank Secrecy Act, and aligns with company stakeholder needs and expectations.
Major Duties and Responsibilities:
• Provides risk assessments, risk reports, strategy and operating model, program updates, and advises the CIO and CEO Council on all matters pertaining to information security and their potential impact to the business and its stakeholders.
• Accountable for the maintenance, enhancements, and monitoring of a strategic, risk management based, information security program to ensure the availability, integrity and confidentiality of information across the company.
• Functions as a thought leader and change agent to the organization and provides recommendations in the analysis and discussion of security policies, standards and practices, and guides the acquisition of advanced security controls.
• Responsible for employee information security education and awareness.
• Evaluates security risk and acts expeditiously in making decisions and recommendations, while considering the business impact.
• Manages the enterprise's information security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews. Recommend staffing levels, and resources to support best practices and business operations.
• Leads and coordinates, internally and externally, responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
• Creates or enhances security policies, standards, processes and procedures.
• Enhances and maintains information security risk mitigation plans, including leading security incident response in prevention, investigation, mitigation and reporting activities.
• Oversees outside consultants for independent security audits, engagements and monitoring, including regular penetration and vulnerability testing.
• Stays up-to-date on information security and safety protocols.
• Balances information security needs with the organization's strategic business plan, identifies risk factors with evolving business plans, and proposes mitigating solutions.
• Exercises extreme confidentiality as the scope of work will include access to sensitive data and financial perspectives.
Knowledge, Experience and Skill Requirements:
• 10+ years of experience with information security policy and program management.
• 5+ years of demonstrated leadership experience.
• A four year degree in Computer Science, Information Systems Management, Business Administration, Risk Management, or a related field.
• Experience working in the financial services industry, preferably for a credit union or bank.
• Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS), Agile methodology, Iaas, and ITIL.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• The ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.
• Must be a critical thinker, a thought leader, and a change agent to the organization.
• Proven track record and experience in developing information security policies and procedures.
• Strong project management, financial/budget management, scheduling and resource management skills.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Strong knowledge of regulatory rules and standards that govern information security practices in the financial services industry, such as SEC, FINRA, CFTC/NFA, BSA and state and federal privacy laws.
• Certification as a Certified Information Security Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM).
About Us: Elevations Credit Union is a member-owned not-for-profit financial institution serving Colorado’s Front Range. Founded in 1953, we’ve grown from 12 members and less than $100 in assets to an institution with 13 branches and more than 120,000 members that manages over $1.7 billion in assets and is the No. 1 credit union mortgage lender in Colorado. At Elevations, we’ve made a commitment to move away from a product-centered business model and focus instead on creating consumer solutions. Our objective is to provide our members, as well as the entire community, with unbiased consumer information.
AAP/EEO Statement: Candidates for certain positions may be required to submit to a credit history report in determining qualification for employment with Elevations Credit Union. If the position you are applying for requires a credit history report, any information received in such report will be not be the sole factor in making an employment decision. A history of personal financial irresponsibility may be reason for disqualification insofar as it relates to your potential job duties. Elevations Credit Union is aware that occasionally there are extenuating circumstances that may affect an individual's credit history. We comply with the Fair Credit Reporting Act and the Colorado Employment Opportunity Act. We are proud to be an EEO/AA employer M/F/D/V. Elevations provides equal employment opportunity to all individuals regardless of their race, color, creed, religion, gender, age, sexual orientation, national origin, disability, veteran status, or any other characteristic protected by state, federal, or local law.