TruliantFCU

Director Cyber and Information Security

Winston-Salem, NC Full time

Truliant’s mission is to improve lives by putting our members first, providing great service and straightforward financial solutions. Our core values of Member Focus, Service, Guidance, Relationships, and Community define how we interact with members to fulfill our mission of improving lives and providing a foundation on which we conduct ourselves.

Our Promise to Our Teammates: Truliant strives to provide all teammates with an enjoyable place to work where they feel valued, empowered and rewarded for all that they do.

Purpose of the Job

The Director of Cyber and Information Security is responsible for developing, implementing, and overseeing comprehensive cybersecurity strategies, policies, and procedures to mitigate risks and protect against cyber threats. The leader plays a pivotal role in safeguarding our organization's digital assets and ensuring the integrity, confidentiality, and availability of sensitive information. The Director of Cyber and Information Security is a strong, obvious leader responsible for leading IT Security and IT Security Incident Response for the Credit Union. The Director is expected to possess a deep technical understanding of information security engineering and how to apply it to safeguard Credit Union assets effectively.

This role will work with business stakeholders to help define solution strategies and implement effective security controls that minimize risk while minimizing impact on user productivity, empowering the organization to navigate the evolving landscape of cyber threats and fostering a culture of security awareness and resilience.  A crucial element of the Director’s role is working with senior leaders, line-of-business managers, and other key decision-makers to determine acceptable levels of residual IT risk for the Credit Union as a whole. This role is also responsible for clearly understanding the levers and choices to mitigate risks as appropriate. This role will lead a best-in-class IT risk management and information security team in delivering advisory and cybersecurity services for Credit Union Information Security programs.

The Director is responsible for establishing security governance and executing an information security framework to safeguard information assets. This role will research, select, and negotiate contracts with best-in-class third-party providers for the potential implementation of additional information security products, services, and monitoring capabilities.  The Director will lead by example, drive continuous improvement, ensure security, compliance, recoverability, and maintain a relentless focus on risk management.

Essential Functions and Responsibilities

  • Develops and oversees the implementation of a comprehensive security architecture that aligns with organizational goals and industry best practices.
  • Ensures security measures are integrated into all technology deployments, including cloud services, on-premises infrastructure, and third-party applications.
  • Conducts regular security assessments and audits to identify weaknesses in the architecture and recommend improvements.
  • Stays abreast of emerging technologies (e.g., AI, IoT) and evaluates their security implications, ensuring the architecture supports secure adoption.
  • Works closely with IT, application development, and network teams to ensure a unified approach to security across all platforms.
  • Collaborates with executive leadership and key stakeholders to advocate for security initiatives and secure necessary resources.
  • Defines and monitors key performance indicators (KPIs) to measure the effectiveness of security programs and initiatives.
  • Fosters a culture of continuous improvement by regularly reviewing and updating security programs based on industry trends, emerging threats, and organizational changes.
  • Implements and manages access control measures to safeguard data, ensuring that only authorized personnel can access sensitive information.
  • Oversees compliance with data-related regulations (NCUA, FFIEC, GLBA, PCI, etc.), ensuring the organization adheres to legal and ethical standards.
  • Oversees the deployment and management of security information and event management (SIEM) systems and other monitoring tools.
  • Ensures real-time detection and alerting of potential security incidents, conducting regular reviews of logs and alerts.
  • Establishes and maintains an incident response plan, including protocols for containment, eradication, recovery, and lessons learned.
  • Leads the incident response team during security breaches, ensuring timely and effective incident response.
  • Conducts post-incident reviews to analyze incidents, document findings, and implement improvements.
  • Regularly assesses the organization’s systems and networks for vulnerabilities and recommends remediation actions.
  • Conducts risk assessments to evaluate the potential impact of identified threats on business operations.
  • Maintains detailed documentation of security policies, procedures, and incidents for accountability and compliance.
  • Develops and implements organization-wide security awareness training programs for all employees.
  • Regularly assesses the organization’s security posture and implements continuous improvement initiatives.

Other Duties and Responsibilities

  • Departmental financial management, budgeting, and reporting.
  • Team development, management, and performance.
  • Assists with other tasks and projects as assigned.

Knowledge, Skills, and Abilities

  • Must have advanced problem-solving and analytical skills, with the ability to assess complex security issues and develop innovative solutions. This position requires a blend of strategic thinking and operational excellence to deliver technical security services consistently across the Credit Union.
  • Must have excellent leadership and communication skills with all levels of Credit Union staff, including executives, auditors, finance, legal, IT staff, and third parties, in matters related to IT risk, Information Security, compliance, and audit requirements and remediation. Solid managerial and facilitation skills required.
  • Must have in-depth knowledge of cybersecurity principles, technologies, and methodologies, and a strong understanding of regulatory requirements such as GLBA, SOX, and PCI DSS.
  • Must have a deep understanding of cybersecurity frameworks (NIST, ISO, etc.).
  • Must know regulatory agencies’ policies, procedures, and laws governing the security of data for financial institutions.
  • Must have the ability to make decisions, work independently, and guide the Information Security team, other IT team members, and business unit partners.
  • Must have strong strategic thinking and analytical skills.
  • Must have excellent communication and leadership abilities.
  • Must possess a deep technical understanding of information security engineering and infrastructure operations.

Physical Requirements

  • Occasional standing, walking, bending, and stooping required
  • Must be able to sit at a desk for long periods of time and use a computer
  • Must be able to moderately lift or move up to 5 pounds and occasionally lift or move up to 10 pounds

Education and Background

  • Requires a Bachelor’s degree in computer science, cybersecurity, or a related field, or equivalent work-related experience. Master’s Degree in a relevant discipline (preferred).
  • Requires professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP).
  • Minimum of 10 years of experience in information security or a related field required.
  • Minimum of 5 years in a leadership role, managing security teams and initiatives required.
  • Proven experience in developing security strategies, risk management, and compliance required.
  • Minimum of 10 years of demonstrated success in leadership roles in compliance, risk management, information security, IT, and OT security required.
  • Minimum of 5 years of experience successfully supervising large-scale complex projects and programs that meet the objectives of excellence in a dynamic business environment required.
  • Minimum of 5 years of experience in extensive contract negotiations and management of 3rd parties that provide an array of IT services required. Must be able to evaluate and determine appropriate data security terms and conditions for all significant organizational contracts.
  • Requires demonstrated leadership with a minimum of 15 years of management experience in a technical capacity and the ability to interface effectively with a broad range of people and roles, including senior leadership, IT leaders, and external constituents.
  • Experience in cross-functional collaboration and budget management required.

If you have a passion for member service and would like to invest in a meaningful career with opportunity for growth, we encourage you to apply to Truliant! 

As a member of the Truliant family, you will enjoy the following full time benefits:

  • No-cost employee medical, dental, and vision coverage
  • Prescription benefits (including mail order)
  • Paid holidays and Paid Time Off (PTO)
  • 401(k) plan with contribution matching  
  • Paid community involvement volunteer hours
  • Paid group life insurance
  • Teammate loan discounts
  • Tuition reimbursement
  • Short and long-term disability
  • Health & Wellness program
  • Teledoc (physician video conferencing)
  • Onsite fitness facilities or health club reimbursement
  • Employee Assistance Program (EAP)
  • Medical flexible spending account
  • Dependent care flexible spending account