Apply on Employer Site

Wright-Patt Credit Union · 2 days ago

SVP, Operational Security & Recovery

Beavercreek, OH

Full-time

Onsite

Senior Level, Lead/Staff

10+ years exp

Wright-Patt Credit Union is seeking a Senior Vice President, Operational Security & Recovery to provide strategic leadership for their operational security program. This role involves overseeing information security, disaster recovery, and business continuity, ensuring the organization is prepared to protect member data and respond to operational security incidents.

FinanceFinancial ServicesNon Profit

Responsibilities

Serve as the organization’s Information Security Officer (ISO) and the executive owner of the credit union’s Information Security, Business Continuity, Incident Response, Operational Recovery, and Corporate Insurance functions

Develop and maintain an operational security strategy that is commensurate with the size, complexity, and risk tolerance levels of the organization and effectively prepares the credit union to respond to, recover from, and mitigate the impact of operational security events including, but not limited to, weather events, natural disasters, data incidents, utility outages, technology outages, vendor outages, and other disruptive events

Provide strategic leadership and oversight of processes to embed resiliency planning into strategic initiatives, product development, and technology deployment

Partner with Corporate Communications to develop and maintain an incident communication strategy and effective coordination of incident response activities related to operational security events

Provide strategic leadership and oversight of the credit union’s Business Continuity Plan (BCP) and incident response plans, including department-level continuity plans to ensure operational resiliency across the organization

Provide strategic leadership and oversight of the credit union’s Business Continuity (BCP) testing strategy and execution, including tabletop exercises, ransomware exercises, simulations, and third-party vendor testing to identify potential weaknesses and improve resiliency

Provide strategic leadership and oversight of the Information Security program to ensure the program meets regulatory expectations, is commensurate with the credit union’s cybersecurity risk profile, and serves as an effective and independent second line of defense function through policies, data classification, controls testing, oversight, and partner training

Provide strategic leadership and oversight of the credit union’s Disaster Recovery (DR) program to ensure the program meets regulatory expectations, is commensurate with credit union’s risk profile and technical architecture and effectively prepares the organization to respond to hardware failure, malicious attacks, ransomware, or other potential threats

Develop and maintain a corporate insurance strategy to protect the credit union’s assets, operations, members, and board members, including oversight of all insurance policies (property, liability, cyber, and specialized policies), to ensure alignment with risk appetite and enterprise risk management objectives and to provide adequate protection against evolving risk

Provide strategic leadership and oversight of the evaluation, negotiation, and renewal of corporate insurance policies, monitor market trends and emerging risk for impact to coverage, and ensure insurance and transfer of risk is integrated into incident response processes, business impact analyses, and business continuity planning

Establish and maintain Key Performance Indicators (KPI’s) to measure and monitor program performance. Ensure risks are managed within approved appetite for operational, reputational, and information security risk, based on established Key Risk Indicators (KRI’s)

Provide strong leadership and strategic direction to Business Continuity, Information Security, and other Risk Management leaders, and provide subject matter expertise to members of senior leadership, executive leadership, and the board of director’s risk committees

Foster a culture of risk awareness, organizational excellence, and member service through partner training, communication, and collaboration with leaders throughout the organization, ensuring risk assessment participants, business impact analysis participants, and business continuity plan owners are aware of their role as risk partners and are supported by the Operational Security and Recovery team

Provide monthly and quarterly risk reports to specialized risk teams, executive management teams, and board-level risk committees. Develop and provide Annual Report and Program Plan to executive management and board-level risk committees

Serve as a member of the Operational Risk Team and/or Information Security Risk Team (ORT and/or ISRT) and other committees/working groups as assigned

Ensure Operational Security and Recovery processes and results are well documented, maintained as current, and available for audit or examination. Participate in monthly audits and annual regulatory examinations and interact with internal auditors, external auditors, and state and federal regulators

Contribute as a member of the senior leadership team, attend leadership meetings, participate in annual strategic planning, budgeting and prioritization processes, and provide periodic updates to the Board, its sub-committees, and other senior executives

Manages vendor relationships, including: Involvement in sourcing, evaluating, and selecting vendors. Participation in the negotiating of contracts with potential vendors to ensure optimal pricing and mitigation of third-party risks. Ongoing monitoring of vendors (of both performance and reputation) to ensure they provide quality products and services in alignment with organizational goals

Qualification

Operational SecurityBusiness Continuity PlanningDisaster RecoveryRisk ManagementInformation SecurityCorporate InsuranceCrisis ManagementAnalytical SkillsStrategic ThinkingLeadership SkillsCommunication SkillsProblem Solving

Required

A bachelor's degree in business, risk management, information systems, or other relevant discipline required. A master's degree is preferred

At least 10+ years' experience in a senior management position, with prior direct experience leading risk management, operational security or related programs. Experience leading validation or assurance functions is also preferred

Demonstrated understanding of operational risk, information security risk, and reputation risk

Demonstrated understanding of laws and regulations that govern financial institutions and data security, including consumer privacy laws

Professional certification in business continuity, disaster recovery, or similar discipline. Certification in risk management or information security is also preferred

Strong analytical, strategic thinking, and crisis management skills

Senior-level written and verbal communication skills, including the ability to disseminate information, inspire confidence and trust, and motivate partner-employees

Demonstrated exceptionally strong leadership skills, having an ability to work collaboratively and influence cross-functional teams, senior leaders, and the board of directors

Demonstrated ability to drive and manage initiatives that increase operational efficiency, enhance quality, and improve/maintain service levels

Proven ability to analyze complex situations, solve problems, and design recommendations to accomplish business and tactical goals

Demonstrated ability to balance risk management efforts with the needs of the business to serve members and partner-employees