Apply on Employer Site

Sierra Central Credit Union · 8 hours ago

Cybersecurity Manager

Yuba City, CA

Full-time

Hybrid

Senior Level

$130K/yr - $151K/yr

7+ years exp

Sierra Central Credit Union is seeking a Cybersecurity Manager to lead a team responsible for security and threat analysis across enterprise initiatives. The role involves ensuring information security best practices and risk management principles are integrated into systems and processes while overseeing cybersecurity operations and incident response.

BankingCredit CardsFinancial Services

Responsibilities

Managing, deploying, and maintaining security infrastructure

Oversee daily operation of cybersecurity tools and controls (SIEM, SOC services, EDR, firewalls, IDS/IPS, IAM)

Conducting vulnerability, penetration testing and identifying follow-up actions to mitigate failures and address any weaknesses

Maintaining up-to-date knowledge on cyber-security technologies and standards while automating security controls, data and processes to ensure proper configuration, maintenance, and monitoring

Validates alerts, investigations, and response actions performed by the SOC

Serve as the subject matter expert with the ability to educate and explain common threats affecting Network, Cloud, Web and Application environments as well as best practices in the Cyber Security industry, including remediations for OWASP Top 10, CWE/SANS Top 25, CIS controls, and NIST guidelines

Proven ability to successfully manage projects by establishing clear goals and deliverables, adhering to deadlines, proactively managing risks, and maintaining effective stakeholder engagement and communication

Act as primary point of contact with SOC providers

Investigate, review, and validate alerts, incident tickets, and escalations

Ensure SLAs, escalation procedures, and response timelines are met

Participate in investigations and coordinate responses with IT teams

Execute incident response procedures under CIO/CISO guidance

Coordinate containment, eradication, and recovery activities

Maintain incident documentation, timelines, and evidence

Support post-incident reviews and corrective actions

Support updates and maintenance of business continuity plan/program

Participate and lead BCP-IRP trainings and tabletop exercises

Oversee vulnerability scanning and remediation

Coordinate patching and mitigation with IT operations

Manage physical access control systems (badges, key cards, biometric systems) and coordinate with facilities to ensure alignment between physical and cybersecurity controls for comprehensive protection

Oversee visitor management processes and ensure compliance with policies

Monitor and review physical access logs for anomalies or unauthorized activity and Support investigations involving physical access incidents

Translate strategic goals into actionable security roadmaps, initiatives, tasks and provide tactical updates and metrics to CIO

Escalate risks with clear, actionable recommendations

Manage relationships with security vendors and service providers

Review SOC reports, vulnerability scans, and dashboards

Assist with tool evaluations, onboarding, and integration

Maintain operational procedures, runbooks, and playbooks

Ensure alignment between documented procedures and practices

Support audits and regulatory exams with evidence of control operation

Qualification

Cybersecurity leadershipThreat analysisSecurity control frameworksIncident responseCloud technologiesVulnerability managementData privacy regulationsProject managementCommunication skillsProblem-solving skillsStrategic thinking

Required

Exceptional leadership, communication, and problem-solving skills required

Excellent strategic and critical thinking skills

Excellent verbal, written and interpersonal communication skills required

Ability to provide leadership and direction in cybersecurity functions, including guiding security efforts, coordinating activities, and supporting decision-making across teams

Ability to interpret, implement, and evaluate security control frameworks, such as the Cloud Security Matrix, NIST Cybersecurity Framework (CSF), and CIS Controls

Ability to understand and work effectively with cloud technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)

Ability to perform threat analysis and build threat models using industry-recognized methodologies such as MITRE ATT&CK

Ability to interpret and apply data security and privacy regulations, including but not limited to PCI DSS, SOX, GDPR, and CCPA

Ability to support and execute cybersecurity engineering, security operations, and incident response activities, ensuring effective and timely resolution of security events

Ability to balance security policies, procedures, and best practices with operational needs to maintain a secure and efficient environment

Ability to identify, recommend, and implement process improvements to enhance the maturity, efficiency, and effectiveness of cybersecurity operations and services

Must work well under pressure, meeting multiple and sometimes conflicting deadlines

Seven or more years of cybersecurity experience, including a minimum of three years leading or managing a cybersecurity team or program

Bachelor's degree preferred, however relevant experience may substitute with Active security certification (e.g., CISSP, CISM, CISA, Security+, or equivalent)

Understanding of Zero Trust Architecture, endpoint security, and SIEM tools

Familiarity with security controls such as Cloud Security Matrix, NIST CSF, CIS

Knowledge of common Cloud Services offered (IaaS, PaaS, SaaS)

Experience performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK

Understanding of various data/privacy regulations (e.g. PCI DSS, SOX, GDPR, CCPA)

Complete understanding of Cybersecurity Engineering/Operations and Incident Response modalities, requirements, and functions

Experience with process improvement and maturing/transforming operations or services