VP of Cybersecurity

About Gulf Winds

Gulf Winds Credit Union offers innovative financial tools that give our members freedom to live life with their finances under control. Since our founding in 1954, we have grown from a single branch in Pensacola, Florida, to a regional institution with over $1 billion in assets and 83,000+ members across Florida, Alabama, and Georgia. From daily banking needs to investment services, our members aren’t treated like an account number, but as part of the family.

Our Values

We are guided by our core values of Integrity, Care, Growth, and Innovation and are dedicated to our members, our community and each other.

Integrity 
 We own our decisions and actions by doing the right thing, learning from our mistakes, and taking responsibility.

Care
 We help members meet their goals by listening to understand and offering the best solutions, placing kindness above all else.

Growth
 We set ambitious goals, provide personal development opportunities, and encourage results.

Innovation
 We challenge the status quo to enhance the member’s experience and solve tomorrow’s challenges today.

Working at Gulf Winds

Working at Gulf Winds is not just a job, it’s a career. We’re hiring collaborative, motivated people who want to love what they do. We are forward-thinking and family oriented. We recognize and reward excellent member service and have fun while working hard. When you join the team, you can expect:

• Open and transparent communication with your leaders
• Consistent coaching and opportunities to improve performance.
• Collaborative and team-focused environments
• Short and long-term professional development
• Opportunity to participate in cross-functional projects.

With you on our team we can achieve our vision of becoming the leading and most trusted credit union on the Gulf Coast.

Role:

The VP of Cybersecurity leads the effort to appropriately safeguard all technology and data in preventing any unauthorized access or compromise to the production environment. This position is also responsible for ensuring the maximum confidentiality, availability, integrity, and security of applications, user equipment, systems, core processing, and technology infrastructure. As the credit union’s designated Information Security Officer (ISO), oversees the Information Security Program and the enforcement of all established policies in accordance with NCUA regulatory guidance and financial services industry best practices. Proactively stays current on evolving/emerging technologies and skills development relevant to the position. The VP champions secure process improvement, workflow optimization, and code development for the enterprise. This role works closely with the CSIO in tandem with other VP’s to design and execute the credit union’s enterprise technology roadmap.

Essential Functions & Responsibilities:

Oversees and reports on technology related cybersecurity incidents, suspicious activity, evolving threats, and audits. Responsible for ensuring the reliable functionality of all internal and external mitigation technologies such as firewalls, intrusion detection/prevention systems, anti-virus/malware, and other cybersecurity services.

Administers the enterprise Information Security Program. Develops and writes policies and procedures specific to technology requirements necessary for security validation, documentation, and workflow hardening. Reports on the effectiveness of the Information Security Program through the use of cybersecurity industry KPI’s. Proposes necessary changes in policies to ensure adequate systems security and compliance with NCUA guidelines.

Lead security risk assessments to include, but not limited to, vulnerability assessments, penetration tests, solutions design, project planning, user permissions audits, data classification/footprint, and vendor access. 

Participates in planning for the department to select and implement the appropriate cybersecurity methods, technologies, and partners to meet the evolving needs of the credit union and its members

Interfaces with vendors as needed to ensure appropriate service levels are maintained. Performs initial cybersecurity due diligence for all new vendors and technology solutions.

Participates as a member of the Senior Leadership Team (SLT) of the credit union in strategic/tactical planning, budgeting, and resource allocation.

Provides cybersecurity awareness training as needed for employees and members throughout the credit union.

Maintains appropriate technical expertise/certifications and directs cybersecurity specific initiatives as needed.

Performs other job-related duties as assigned.

Performance Measurements:

1. Performs senior leadership duties, including interviewing applicants, planning, assigning, directing, and evaluating subordinates' work, measuring performance against goals, reviewing efficiency and completeness of tasks, conducting performance reviews within the prescribed timeframe, recommending salary increases, and developing higher levels of expertise in team members through training and coaching.
2. Provides evolving cybersecurity training to Gulf Winds team members. Ensures all team members are cross trained to maintain established service levels in accordance with business objectives and system security updates/patches are applied in a timely manner.
3. Ensures maximum up time of enterprise services and systems by preventing compromises and promptly remediating incidents. Follows a well-developed process that produces reliable and efficient cybersecurity services to optimize user experience. Meets department standards for response to team member requests for assistance with cybersecurity needs
4. Ensures that technology and critical core systems are always being used responsibly and securely. Provides recommendations for any new cybersecurity solutions and any enhancements to existing cybersecurity solutions in accordance with industry best practices.
5. Oversees Cybersecurity Incident Response and the communication of operations impacting events to the rest of the enterprise and appropriate leadership ensuring all threats have been evaluated and effectively mitigated in a timely fashion.
6. Effective management of operational expenses and achievement of budget goals while realizing efficiencies and enhancements to products, processes, and services by monitoring trends in technology and innovation. Leads the Cybersecurity division to define services SLA’s. Makes recommendations for cost efficiencies and enhancements by monitoring the use of credit union technologies.
7. Accomplishes all assigned initiatives according to policy and procedures, informing management of critical issues. Complies with all applicable rules, regulations, and policies, including but not limited to NCUA, BSA, OFAC, and Physical Security.

Knowledge and Skills:

Experience: Five to eight years of experience in a similar role. Substantial experience with firewalls, SIEM, IDS/IPS, MDM, SSO, IAM, AD, virtualization, cloud services, secure data architecture, network technology, and other cybersecurity tools. Strong working knowledge of cybersecurity administration (e.g. access control, system hardening, and policy development). Ability to recognize and properly handle sensitive and confidential information. Credit union or financial services experience is a plus.

Education: (1) A bachelor's degree, or (2) achievement of formal certifications recognized in the industry as equivalent to a bachelor's degree (e.g., information technology certifications in lieu of a degree), (3) or an additional 5 years of proven experience in a similar role. CISO or CISSP preferred. A master’s degree is a plus.

Interpersonal Skills: A significant level of trust and diplomacy is required, in addition to normal courtesy and tact. Work frequently involves exercising advanced conflict resolution, giving material presentations, and resolving issues impacting multiple departments or divisions. Partners become important and fostering sound relationships with other entities (companies and individuals) becomes necessary and often requires the ability to influence and sell ideas to others. The ability to collaborate effectively with cross-functional team members is a must.

Other Skills: Ability to lead a Cybersecurity Incident Response program. Demonstrated strong analytical and problem-solving abilities to identify system vulnerabilities and assess risks. Ability to recognize and handle sensitive and confidential information appropriately. Exceptional customer service skills as well as excellent resource management and communication skills. Ability to discuss technical issues effectively with other technical professionals as well as non-technical leaders. Strong knowledge of IT service management principles, frameworks, and best practices. Ability to read, write, comprehend, and speak English clearly. 

Physical Requirements: This role requires sitting at a computer viewing digital displays and typing for most of the day.  

Work Environment: This job operates primarily in a office setting and routinely uses standard office equipment such as computers and collaboration technology. It requires the ability to actively participate in virtual as well as in-person meetings with other credit union team members and vendors. Normal expected work hours are between 8:00 a.m. and 5:00 p.m. CST, but work after normal work hours (including weekends) may be required. Must adhere to safety rules and regulations.

This Job Description is not a complete statement of all duties and responsibilities comprising the position.

Gulf Winds is an Equal Opportunity Employer.  Drug Free Workplace.