Position
VP Information Security & Chief Information Security Officer (CISO)
Job Code-8508
req5701
Vinings
Full Time

Job Description
Create your success story at Delta Community Credit Union – where opportunity meets purpose. Through our commitment to excellence, Delta Community has received numerous industry awards and earned the trust and loyalty of our employees, members and the metro Atlanta community. We value talent, encourage growth and keep community at the heart of everything we do. That’s why we’re one of Atlanta’s Best Places to Work! Whether you’re starting your professional journey or navigating the next step in your career, we invite you to join the Delta Community Credit Union team.

Reporting to the Chief Risk Officer, the Vice President of Information Security serves as the organization’s Chief Information Security Officer (CISO), responsible for Delta Community’s information and data security. The CISO should have deep expertise in all things information security and is responsible for defining and executing Delta Community’s Information Security strategy and program ensuring regulatory alignment. They are responsible for the development and implementation of an enterprise-wide information security training and awareness program and are responsible for the organization’s Business Continuity Program (BCP). In addition, the position is responsible for information security incident response and regular reporting to the Board of Directors, along with quarterly reporting to the Corporate Information Security Committee as well as the Audit Committee. They advise executive management on information security matters that impact enterprise risk to ensure strategic initiatives align and objectives are met. They are expected to utilize technical skills along with non-technical experience and competency to lead the Information Security Program.

Essential Functions:

• Develop and maintain the Credit Union strategy regarding information security and data security.
• Responsible for identifying strategic initiatives and providing oversight of these implementations in order to grow and maintain a strong security posture across the organization.
• Manage regulatory relationships and ensure audit readiness with regulators and independent assessors.
• Oversee the Credit Union's information and data security policy framework and related governance.
• Responsible for managing risk through a shared vision with business leaders by consulting with and providing expert advice to senior management and their organizations in the development, implementation, and administration of information security and privacy policies, procedures, infrastructure and controls.
• Define and monitor security risk metrics, dashboards, and board-level reporting to evaluate the operating effectiveness of key controls related to information security.
• Develop and implement information security awareness training throughout the organization.
• Lead incident response investigations of any actual or potential information security violations and manage escalation of security events.
• Perform and maintain continual risk assessments related to information security.
• Review upcoming changes in Credit Unions systems, procedures, and controls for impact on the enterprise information security posture.
• Continue professional development through training and participation in professional organizations.
• Strengthen and lead the Vendor Risk Management (VRM) and Third-Party Risk Management (TPRM) programs.
• Take initiative in identification of information security issues and provide expert recommendations to address identified areas of concern .
• Oversee the enhancement of the enterprise Crisis Management, Incident Response, and Business Resiliency Programs.
• Lead responsible AI governance initiatives, aligning with regulatory guidance and member expectations.
• Manage and provide developmental leadership for staff in support of the Information Security function.
• Perform all duties and responsibilities as assigned by the Chief Risk Officer or Board of Directors.

Other
• This description reflects management’s assignment of essential functions, it does not prescribe
or restrict the tasks that may be assigned.
• This job description is subject to change at any time.

Position may offer work from home opportunities, pending specific performance and departmental needs.

Job Qualifications
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Required Minimum Qualifications:
• Bachelor’s Degree in Computer Science, Information Technology, Business Administration or related field.
• Professional certifications in information security (CISSP, CISM, C|CISO, CRISC, CISA).
• 10+ years of information security experience in increasingly responsible roles.
• Excellent knowledge of information security technology, such as firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), virtual private networks (VPNs), cryptography, artificial intelligence (AI) and anti-malware.
• Extensive experience in application risk assessments, vulnerability assessments, network security, endpoint security, and application security.
• Candidate must be well-organized, efficient, and able to work independently with multiple projects.
• Credible communicator and collaborator with regulators, all levels of management, staff, Board of Directors, and Audit Committee members.
• Must possess outstanding oral and written communication skills to prepare reports and discuss findings and recommendations with management.
• Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan - from strategy through ongoing operation and process improvement.
• Experienced in, and able to formulate, the cost effectiveness benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives.
• Must have ability to compare, contrast and prioritize among alternative approaches to meet those objectives.
• An excellent understanding of security and privacy regulations, such as those implemented under the Gramm-Leach Bliley Act (GLBA), and international privacy laws required, along with a thorough understanding of security and auditing standards such as ISO 27000, Control Objectives for Information and related Technology (COBIT), relevant National Institute of Standards and Technology (NIST) standards, and the PCI Data Security Standard (DSS).
• Successful candidates should possess the following competencies: Creativity and Innovation, Decision Making, Interactive Communications, Relationship Building, Results Management.
• Comply with all Credit Union policies and procedures including those related to Bank Secrecy Act regulations.

Preferred Qualifications:
• Master’s degree in Computer Science, Information Technology, Business Administration or related field.
• Supervisory experience managing cross-functional teams to embed trust and security into the culture of the organization.
• Prior CISO, VP of Security, or equivalent leadership role.
• Financial institution experience.
• Passionate about advancing AI-enabled security and fraud detection as differentiators in banking.