Sandia Area Federal Credit Union · 1 month ago
DIRECTOR OF CYBERSECURITY AND INFORMATION SECURITY
Sandia Area Federal Credit Union is dedicated to delivering high-value banking services that enhance the financial well-being of its members. The Director of Cybersecurity and Information Security will develop and oversee the cybersecurity program, ensuring alignment with organizational goals and fostering collaboration across departments.
Banking, Financial Services, Non Profit
Responsibilities
Lead by example, reinforce, and consistently uphold Sandia Area’s Values: Service, Sustainability, Efficiency, Trust, Stewardship, and Growth
Provide strategic leadership to department managers and teams, ensuring alignment with organizational goals and priorities
Build and lead a high-performing team; set performance targets, foster a culture of continuous improvement, encourage innovation, learning, and adapting best practices to optimize performance
Drive collaboration across departments to ensure cohesive strategies and shared accountability
Oversee large-scale projects and initiatives, managing resources effectively and meeting organizational timelines
Develop and align departmental goals with the broader organizational strategy; ensure all members of the team are meeting performance expectations
Directly or indirectly manage staff to enhance professional development and personal growth; provide regular coaching, feedback, and performance evaluations
Optimize resource allocation, including personnel, budget, and other resources, to maximize effectiveness while controlling costs
Oversee the recruitment, interviewing, and hiring process, ensuring candidates align with the credit union’s mission, values, and service culture
Oversee the onboarding, training, and development of new hires, fostering a positive and growth-oriented work environment
Establish and oversee the Credit Union’s Cybersecurity Program framework, integrating standards from NCUA, FFIEC, GLBA, and NIST CSF
Develop and manage a multi-year cybersecurity roadmap and maturity model
Define program goals, metrics, and key risk indicators (KRIs) to measure effectiveness
Coordinate implementation of cybersecurity initiatives across IT departments (Networking, Systems Administration, Applications, Support Desk, and Data Analytics)
Recommend updates to policies and procedures as necessary and, where necessary, establish new policies and procedures
Partner with the Chief Risk Officer to integrate cybersecurity risk into the enterprise risk management (ERM) framework
Lead cybersecurity governance activities and report regularly to executive leadership and the Board
Lead through influence by coordinating with IT leadership teams to achieve cybersecurity objectives
Partner with enterprise leaders to embed cybersecurity into strategic projects
Serve as liaison between IT, Risk, Compliance, and Internal Audit for all cybersecurity initiatives
Champion a culture of security awareness and accountability across the organization
Provide cybersecurity awareness training for Sandia Area employees to promote best practices in information security
Collaborate with Internal Audit and Compliance to ensure continuous improvement and audit readiness
Maintain oversight of cybersecurity policies, controls, and regulatory compliance activities
Ensure continuous compliance with NCUA Part 748, FFIEC CAT, GLBA, PCI DSS 4.0 and other relevant regulations
Coordinate cybersecurity risk assessments, penetration testing, and control validation
Lead cybersecurity exam readiness and response efforts for regulatory audits
Develop and present cybersecurity risk and performance reports to the Executive Team and Board committees
Oversee security monitoring, detection, and incident response operations in collaboration with IT and managed service providers
Validate the effectiveness of security controls, including firewalls, SIEM, IAM, and endpoint protection systems
Review vulnerability and penetration test results, ensuring remediation aligns with policy and risk tolerance
Coordinate post-incident reviews to identify lessons learned and strengthen controls
Oversee third-party cybersecurity risk management, ensuring due diligence, contract compliance, and ongoing vendor oversight
Collaborate with Procurement, Legal, and Risk Management to manage vendor security reviews
Represent the Credit Union externally with peers, regulators, and industry consortiums
Integrate cybersecurity response planning into enterprise Business Continuity and Disaster Recovery (BC/DR) programs
Lead tabletop and simulation exercises to test incident readiness and coordination
Ensure cybersecurity components of BC/DR are updated and tested regularly
Demonstrate a strong commitment to upholding the organization’s mission, vision, and values in all interactions and responsibilities
Represent the credit union with professionalism, integrity, and ethical conduct at all times
Maintain a thorough understanding and strict adherence to credit union regulations, compliance requirements, policies, procedures, and operational guidelines
Consistently meet deadlines as assigned while ensuring accuracy, efficiency, and adherence to quality standards
Foster a positive and supportive environment for both members and employees, ensuring interactions align with the credit union’s mission and service philosophy
Adhere to all regulatory and compliance policies, upholding the highest standards of security, confidentiality, and ethical financial practices in all interactions
Maintain the confidentiality and security of information, records, and sensitive data, in compliance with credit union policies and regulatory requirements
Adapt to evolving responsibilities, taking on additional duties as assigned to support the success of the organization
Demonstrate a commitment to continuous learning, professional development, and staying informed on industry trends and best practices
Willing to undergo background and credit checks as required by federal and state regulations
Understand and comply with all policies, procedures, and legal guidelines, including adherence to the Bank Secrecy Act (BSA), Office of Foreign Assets Control (OFAC), and other applicable financial regulations
Qualifications
Required
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field required; equivalent experience may be considered
Minimum of 7 years in IT or cybersecurity leadership roles, with proven program management experience
Deep understanding of information security governance and risk management frameworks (NIST CSF, ISO 27001, FFIEC CAT, CIS Controls)
Proven ability to design, implement, and mature an enterprise cybersecurity program
Strong knowledge of financial sector regulations including NCUA, FFIEC, GLBA, and PCI DSS
Demonstrated experience in cybersecurity risk quantification, budgeting, and performance measurement
Ability to communicate complex technical and risk issues clearly to executives and the Board
Experience leading cross-functional initiatives through influence and collaboration
Strong project management, organizational, and strategic planning skills
Excellent written, verbal, and presentation communication abilities
Awareness of data privacy and emerging regulatory trends affecting member information
Visionary leadership and strategic planning skills to align departmental initiatives with organizational objectives
Ability to strategically plan department objectives with levels of senior management
Knowledge of Credit Unions or financial institutions and their products, services, and operations
Knowledgeable regarding products, services, and processes within the consumer and indirect lending areas
Strong collaborative skills to foster cross-departmental partnerships
Ability to oversee large-scale projects and manage resources effectively
Advanced communication skills to engage with stakeholders and present ideas clearly
Analytical skills to assess departmental performance and implement improvements
Proven managerial experience and ability to lead and mentor teams
Willingness to engage in difficult situations using outstanding interpersonal skills and emotional intelligence
Exceptional time management and organizational skills, with the ability to prioritize tasks, manage multiple responsibilities, and adapt to a fast-paced environment
Passionate about teamwork and having a positive influence on others; ability to work independently and demonstrate attention to detail
Proactive in seeking professional growth, embracing both formal and informal development opportunities, and demonstrating adaptability to new responsibilities
Team-oriented with a strong collaborative mindset, actively supporting team members and contributing to a positive and high-performing environment
Proficient in Microsoft Office, including Outlook, Word, Excel, and PowerPoint
Ability to perform essential functions, including the ability to lift up to 20 lbs. as needed
Preferred
Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred
Experience in the financial services industry or credit union sector preferred
Company
Sandia Area Federal Credit Union
Sandia Area Federal Credit Union offers banking and financial services.