Information Security Manager

Job Description

HAPO Community Credit Union has an exciting opportunity to add an Information Security Manager to its growing Information Security team. We are looking for an individual who is ambitious, self-motivated and who strives to represent HAPO's core commitments to "Be in the Moment to Defy Expectations" with our members, community and the team they lead. These commitments support HAPO's goal of providing more value, convenience, security and a level of service that goes above superior. The Information Security Manager is responsible for implementing, maintaining, and overseeing information security: controls, solutions/platforms, processes, procedures, third party security risks, as well as monitoring and responding to information security events and incidents. This position works closely with the Director of Information Security & Enterprise Risk Management to obtain and execute communicated strategic initiatives and objectives. This position will oversee and manage the training, tasks and responsibilities of information security personnel who are supporting the operational efforts related to the areas noted above.

Essential Job Functions include but are not limited to:

• Develops ongoing strategies for the Credit Union's information security programs that comply with laws, regulations, and industry best practices.
• Identify and report on key performance indicators related to information security department activities and responsibilities.
• Serve as the primary contact for the examiners, internal and external auditors for your area of responsibility; includes gathering documents and evidentiary reports and responding to follow up questions.
• Responsible for the monitoring, response and escalation of security events, incidents and high impact threats.
• Oversee the security engineering (design and control) of information systems and processes, including reviews and approvals of design and control additions or changes.
• Oversee the secure configuration and management of information security systems and platforms, including reviews and approvals of design and control additions or changes.
• Drive information security awareness and training programs for the credit union.
• Responsible for overseeing processes to identify and report on the organization's vulnerabilities and the effectiveness of remediation activities.
• Oversee the development, implementation and maintenance of information security programs, standards and procedures.
• Provide subject matter expertise on enterprise cyber security, threat, technology risks and potential impacts.
• Oversee and manage third party service and technology providers under the responsibility of the Information Security Department.
• Work closely with management, ISC and external partners to implement controls outlined according to FFIEC Information Security Standards.
• Ensure that information security program level documents are reviewed and updated where needed, at least annually.

Desired Skill Sets and Knowledge:

• Knowledge in security frameworks such as: FFIEC, NIST, CIS Top 20 and PCI
• Expertise in cyber security threat analysis, detection and prevention activities and technologies
• Exceptional communicator with both technical and nontechnical audiences
• Windows knowledge and skills
• Knowledge of the principles of secure network design and web application security
• Have a strong understanding of process mapping (inputs, processes and outputs)
• Ability to assess risk rationally and provide reasonable solutions to mitigate risks
• Ability to write reports, correspondence, policies and procedures
• Ability to problem solve and possess strong analytical skills
• Must be able to present and lead discussions with large and small groups of employees, including management and senior management
• Must have strong organizational skills

Requirements:

• High School Diploma or General Education Development (GED) certificate
• A Bachelor degree in Computer Science, or equivalent field experience (7+ years)

Certifications Preferences:

• Certified Information Systems Security Professional (CISSP) or
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
• SANS GIAC Security Certifications

Our Benefits:
We offer competitive salaries and a comprehensive benefits package which includes for this position:

• Matching 401(k)
• Pension plan
• Competitive paid time off (Including Vacation, Holiday Pay, Personal Time, Sick leave, Birthday Day, Anniversary Day and more)
• No cost premium health insurance for employee plus their eligible dependents, including medical, dental and vision
• No cost additional AFLAC coverage for employee
• Phone and Mileage Stipends
• No cost life insurance
• Additional plan are available for purchase. This includes additional AFLAC, additional life & ADD insurance, Pet insurance, and Flexible Spending Accounts.
• Many other employee engagement programs

Starting Annual Salary (DOE): $116,812.80 - 175,219.20+
This is a full-time, exempt position

Location: Kennewick, WA
This is an on-site position

HAPO is an equal opportunity employer that values employees and supports an organizational culture of diversity, respect and personal and professional growth.

*Please note that only candidates selected to move forward in the interview process will be contacted. Thank you for your understanding.