SVP / Senior Director Of Information Security
As a leading CUSO fintech serving primarily the credit union industry, AKUVO is seeking a hands-on and forward-thinking individual to be its SVP, Senior Director of Information Security. This role will be responsible for leading and overseeing AKUVO’s information security governance program. While the role is not operational, the incumbent is expected to demonstrate deep technical knowledge and skill, including the ability to actively assess and test the adequacy of AKUVO’s technical security architecture, as a key component of this position.
This role will report to AKUVO’s Chief Risk Officer and work collaboratively through others to create and align the information security program and plans to the Corporate Risk Vision, ensuring that the information assets – including internal information (written, verbal, digital, cloud), devices, products, SaaS platform, third party interfaces, customer PII, etc. – are assessed, monitored, and controlled in a safe and sound manner in accordance with federal and state regulations for financial services companies.
Collaborating with the CRO and key technology stakeholders, you will develop and implement comprehensive information security governance strategies, policies and procedures to identify and mitigate information risks, seeking feedback and input from key operational stakeholders, and appropriate third parties to ensure that these information security practices and controls promote a culture of security and align to protect current and future business products and services in fulfillment of our important business objectives.
KEY RESPONSIBILITIES
Information Security Governance Plan, Program Creation and Oversight. Create, implement, and oversee the company’s information security governance plan and program to create a strong information security risk posture that is in alignment with the CRO’s risk program vision, and the current and future information security governance needs of the company.
Information Risk Management. Perform information risk inventory and risk assessments to guide the company’s cyber and information security audit and information risk priorities. Identify and assess security risks through testing and controls evaluation, develop strategies to mitigate, monitor, and make recommendations on remediation approaches while reporting progress to Management, Executive Leadership and, possibly, the Board.
Policies and Procedures Development. Establish and enforce information security policies, standards, guidelines and procedures to ensure business and industry alignment. Collaborate with key stakeholders, monitor compliance, and be accessible to train, mentor, and make recommendations on information security related policy/procedural improvements.
Security Monitoring and Reporting. Actively monitor security exception reporting and practices within the company’s information security architecture to ensure awareness, remediation and resolution of issues or unaddressed controls problems. This will include, but not be limited to, monitoring open items through the MS Azure environment including cloud-based controls, secure coding practices, application development practices and adherence to the SDLC, issues identified through managed service providers, the monitoring and administration noted within the Vanta platform, and more.
Incident and Business Resumption Response. Evolve the company’s current Security Incident, Business Continuity, and Disaster Recovery processes and policies in collaboration with the CRO and CTO/CPO. Participate/sponsor annual compliance testing. Collaborate with stakeholders (CRO, CPO/CTO, SVP Relationships) to develop a sound communication process with respect to federally compliant customer notification.
Compliance and Regulatory Alignment. Manage the company’s information security posture within NCUA/FDIC and other regulations as they apply. Prepare and upgrade controls and evidence, and schedule and administer PCI DSS 4.0 and SOC 2 reviews with outside parties per regulation. Create the CIS18 v8 framework within Vanta and populate the workspace with evidence and controls as required. Ensure compliance with relevant laws and regulations (e.g., CCPA, TCPA, GLBA) and industry standards (FFIEC, ACET). Plan the evolution of the company’s information security program toward NIST compliance.
Vendor Management. Participate in the corporate vendor management vetting process by evaluating and managing third party vendors, service providers, and connector partnerships from an information security perspective, ensuring they continue to meet AKUVO’s security requirements as noted in our service agreements.
As a team player, you will work with the CRO, key stakeholders and third parties to achieve success. Assess the quality and adequacy of information security risks, while positively demonstrating the ability to convey information security solutions for key business strategic initiatives. Stay ahead of emerging threats, vulnerabilities, and technologies to continuously improve AKUVO’s security posture. Leverage internal talent to accomplish information security initiatives. Serve as the Co-Chair, with the CRO, to establish and implement an Information Risk Committee that meets monthly.
SKILLS AND EXPERIENCE
10+ years’ experience as a current senior management leader, of which 5 years should be in a senior information security leadership role. Demonstrated deep technical knowledge of IT operations and controls and of cloud-based environments, having worked in an MS Azure environment. Financial Services preferred, or equally regulated industry.
Direct experience working as a technology leader in a cloud-based environment. Experience with a Software as a Service organization.
Former information technology audit and testing experience.
Proven ability to lead, motivate and manage complex relationships, teams and projects through strategic decisions.
Outstanding presentation and political skills. Ability to work collaboratively with all levels of staff and management.
Strong analytical and problem-solving ability to address security challenges and incidents.
Working knowledge of NCUA, FDIC, FFIEC, ACET, and NIST regulations.
CISA, CISSP, CISM or equivalent
ISACA or IIA membership desired
Bachelor of Science degree in information technology, business, or related area
To apply, submit your resume here.