Information Security Manager/ISO
Company: Tropical Financial Credit Union
Location: Miramar Beach, FL 32550
Description:
Are you looking for an organization that values your experience? Are you a skilled customer service professional ready to take your career to the next level? If so, keep reading!
Tropical FCU (TFCU) is a Sun-Sentinel Top Workplace SIX years in a row. Being part of TFCU will provide you with opportunities to engage by learning, growing, contributing, collaborating, and developing professionally. Join us for a great employee experience focused on engaging employees and members alike.
Individuals in the job are responsible for assisting Tropical Financial Credit Union with the achievement of its purpose of guiding members successfully through the financial marketplace. The Information Security Manager/ISO will oversee and ensure the effective implementation and management of the Credit Union's information security practices, programs, and policies. This role will be key in safeguarding the Credit Union's critical assets and systems against cyber threats and will ensure compliance with regulatory requirements, industry standards, and best practices. The Information Security Manager will also support the Credit Union's internal and external audit requirements, particularly in relation to IT risk management, cybersecurity operations, data protection, identity and access management, and other security-related areas.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
- Lead the development, implementation, and continuous improvement of the Credit Union's information security framework, ensuring risks related to IT and cybersecurity are effectively managed.
- Lead efforts in the development, implementation, and maintenance of the organization's information security program, ensuring adherence to federal and state regulations.
- Collaborate with IT, Risk Management, Compliance, and Legal departments to integrate information security into business processes, addressing common security challenges.
- Oversee the monitoring and security of the organization's network, including LAN/WAN/Internet/Intranet.
- Regularly review firewall, intrusion detection, and prevention systems, ensuring they meet security standards.
- Support the execution of the annual audit plan for Information Security, ensuring alignment with global regulatory requirements and internal audit protocols. Conduct audits in cybersecurity operations, IT risk management, vulnerability management, data privacy, and network security.
- Serve as the key liaison for internal and external auditors, ensuring security policies and testing align with organizational and regulatory requirements.
- Oversee vulnerability assessments and penetration testing for various applications, ensuring methodologies remain up-to-date and compliant with regulatory standards.
- Ensure compliance with cybersecurity and IT regulations, and support responses to regulatory examinations and external audit requests.
- Responsible for developing, implementing, and maintaining the Credit Union's overall member / information security program's policies and procedures. Lead the continuous monitoring program to identify and mitigate cybersecurity risks. Stay updated on industry developments, technological advances, and evolving regulatory expectations.
- Conduct risk assessments, communicate trends in security risks to senior management, and provide actionable insights to mitigate risks and improve the organization's security posture.
- Perform periodic risk assessments of controls, products, and policies. Prepare and coordinate recommendations as necessary to address security gaps.
- Investigate and oversee any security breaches or violations, coordinating response actions and remediation efforts with the IT department.
- Manage the organization's incident response activities in the event of a cybersecurity breach, coordinating with internal teams and external partners to minimize the impact.
- Identify security deficiencies, develop remediation plans, and work with management to implement corrective actions promptly.
- Develop and lead training programs on current and emerging cybersecurity threats, compliance requirements, and best practices. Foster continuous learning within the Information Security team.
- Develop and implement employee and member security awareness programs, ensuring that all staff are informed of the latest cybersecurity trends and best practices.
- Oversee third-party providers to ensure the implementation of appropriate security measures. Review and evaluate partner connections, independent audit reports, vulnerability assessments, and security programs to ensure compliance with internal standards.
- Administer key systems and secure email service. Ensure the proper use of these tools in maintaining the organization's security posture.
- Develop and deliver monthly security metrics and reports, providing an overview of information security activities and ongoing risk management efforts.
- Continuously research and evaluate emerging security tools, programs, and technologies. Recommend security enhancements and solutions to protect organizational assets.
- Assist the CTO in the development, implementation, and testing of the Disaster Recovery and Business Continuity Plans, ensuring they align with organizational and security needs.
- Recruit, train, and develop staff to ensure a high-performing team capable of meeting IT Business Applications expectations.
- Conduct regular coaching and performance evaluations, provide feedback, set clear goals, and outline development opportunities for team members.
- Foster a positive and collaborative work environment that promotes teamwork and continuous improvement.
- Provide team training, development, and reinforcement to ensure adherence to Credit Union policies, procedures, and regulatory requirements, and thorough knowledge of products and services.
BSA Compliance & Training:
- Lead efforts in ensuring full compliance with the Bank Secrecy Act (BSA), anti-money laundering (AML) policies, and procedures across the credit union.
- Provide guidance and oversight into the identification of unusual or suspicious activity, ensuring that it is reported and investigated appropriately.
- Oversee the completion of annual BSA and OFAC training courses for relevant personnel, maintaining comprehensive knowledge of the Bank Secrecy Act, Customer Identification Program, USA Patriot Act, OFAC, Fair Lending, and the Credit Card Act.
- Ensure that all team members comply with TFCU policies and procedures to maintain adherence to relevant regulations.
Perform other duties as required, with or without accommodation.
We offer Excellent Benefits such as:
- Medical, Dental and Vision Insurance
- Retirement Profit Sharing 401K Plan
- Accident, Cancer and Hospital Indemnity Plan
- Prepaid Legal
- Voluntary Life Insurance
- Pet Discount Program
- Paid Time Off / 11 Paid Holidays
- And so much more!
Requirements
Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
- A significant level of trust and diplomacy is required, in addition to normal courtesy and tact. Work involves extensive personal contact with others and is usually of a personal or sensitive nature.
- Work may involve motivating, influencing or training others.
- Outside contacts become important and fostering sound relationships with other entities (companies and/or individuals) becomes necessary and often requires the ability to influence and/or sell ideas or services to others.
- Demonstrated project management skills; PMP certification a plus.
- Ability to coordinate, delegate, and ensure accountability across multiple activities, team members, and work in a fast-paced environment.
- Strong interpersonal and leadership skills.
- Excellent verbal and written communication skills and the ability to make presentations to internal and external groups.
- Ability to work and travel independently as needed and use general office equipment.
- Bachelor's degree in computer science or information systems preferred; work experience and certifications will be considered in lieu of a bachelor's degree.
- Minimum of 8 years of experience in information security, IT risk management, or cybersecurity, ideally within the banking or financial services industry. Experience in leading audits and managing security risk assessments is preferred.
- Minimum 3 years of business experience in a financial institution or technology company, dealing with multiple business platforms, business processes, geographies, and legal entities.
- Minimum 3 years of experience managing teams and leading security initiatives.
- Experience performing vulnerability and IT risk assessments.
- Desired Information Security related certifications: CISM, CISA, CIS, CISSP, GIAC, CEH, Security+
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk, sit and use hands to handle or touch. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, and ability to focus. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.