Information Security Manager - Remote

Company

Quorum Federal Credit Union

Address , Purchase
Employment type FULL_TIME
Salary $120,000 - $140,000 a year
Expires 2023-11-16
Posted at 8 months ago
Job Description

Who is Quorum?

Quorum Federal Credit Union is a national employer of choice that attracts, develops, enables, and retains the right resources to drive the organization forward. We are a human-centered organization that delivers a positive work journey and is committed to enhancing the lives of our employees and helping them to grow personally and professionally. We offer a unique value proposition to employees including Total Rewards, Work Journey, Work Paradigm, and Q-DNA to improve work-life balance and help employees live happier, more productive lives while contributing to our mission.

Summary

Working remotely, the Manager of Information Security plays a pivotal role in safeguarding sensitive data and fortifying our technology infrastructure, networks, and systems against the ever-evolving landscape of cyber threats. With a focus on developing and implementing robust cybersecurity policies, procedures, and controls, this position demands a unique blend of hands-on IT engineering expertise and strategic acumen.

As the Manager of Information Security, you will have the opportunity to shape our cybersecurity roadmap, set objectives, and foster collaboration across business teams and employees, thereby fostering a culture of heightened awareness and ensuring comprehensive training programs. Your analytical and problem-solving skills will be essential as you proactively assess cybersecurity threats, enabling you to implement effective mitigation measures and promptly resolve any information security issues that may arise.

In this role, you will liaise with our outsourced Technology Managed Services Provider, ensuring strict oversight to guarantee the fulfillment of contracted services. You will collaborate on matters pertaining to security tools, network monitoring, endpoint data protection, identity management, vulnerability/patch management, and incident response, upholding the highest standards of security throughout our organization.

Join our team as the Manager of Information Security and make an impactful contribution to our commitment to safeguarding sensitive information and fortifying our technology infrastructure against emerging threats.

Key Job Responsibilities and Accountabilities

  • Drives continuous improvement by proactively identifying and addressing Information security risks and vulnerabilities.
  • Ensures compliance with relevant regulations and industry standards including activities such as conducting internal audits, coordinating external audits, and ensuring adherence to compliance requirements.
  • Communicates and collaborates with key stakeholders, within IT, executive management, and external partners or vendors.
  • Oversees the development and execution of information security policies, procedures, and controls to protect our organization's information systems, networks, and the confidentiality of data assets and member sensitive information.
  • Monitors effectiveness of security tools / processes and reports on the status of contracted security services related to: Endpoint Intrusion Detection/Response, Endpoint Anti-Virus Malware, Vulnerability, SIEM and Patching management, Firewall Rules, Email Anti-Spam, DLP, Identity Management, etc.
  • Monitors and analyzes threat intelligence sources and conducts periodic technology risk assessments to identify emerging threats and vulnerabilities. Maintains the cybersecurity risk register and associated remediation action plans.
  • Provides management and technical oversight with our Technology Managed Services provider and other security vendor services to ensure adequate processes and controls are in place to monitor, detect and prevent cybersecurity incidents and threats. Monitors adherence to established service level agreements in conjunction with our Information Security and Vendor Management Policies.
  • Develops and maintains the detailed plan related to these programs and conducts periodic testing to ensure the organization’s preparedness for security incidents.
  • Manages projects along with related communications and content to support deployment and employee training and awareness programs.
  • Prepares and delivers regular reports on security operations, incident response activities, and compliance audit efforts to management. This includes tracking and communicating security-related information to relevant stakeholders.
  • Develops and implements Information Security education and awareness training across the organization.
  • Performs analytics and delivers reports and related communications to management on the status of security operations, incident response, and compliance audit related efforts.
  • Creates training materials, conducts regular training sessions, and measures the effectiveness of the training program.
  • Manages Business Continuity, Disaster Recovery, Business Impact Analysis, Incident Management Response, and related Cyber Security programs.
  • Monitors, analyzes, and reports on employee engagement and security awareness as well as provides recommendations to management for improvements.
  • Ensures cybersecurity awareness benefits are clearly visible and champions related efforts going forward across the organization.
  • Manages employee Phishing testing program and related analytics and reporting to assess the success of the program.
  • Performs cybersecurity risk assessments related to implementation of new technology and recommends appropriate controls to mitigate risk.
  • Performs technology security architecture evaluations to assess for vulnerabilities and weaknesses, recommending appropriate security technologies and solutions to enhance the organization's security posture.
  • Manages projects related to technology upgrades and major changes to the information security environment.
  • Performs Information Security risk assessments and SSAE SOC audit reviews on current and new vendors.
  • Manages response and mitigation actions related to audit findings conducted by internal audit, regulatory agencies or by other third parties.
  • Functions as a technical lead and subject matter expert on departmental and/or organization wide projects. Contributes expertise in his/her assigned area, executes deliverables, and ensures that the team completes project deliverables as outlined based on the project scope and business requirements.
  • Monitors and audits identity management and user access privileges across Active Directory, Azure, and all Single Sign-On (SSO) connectors.
  • Supports adherence and adoption of IT policies, procedures, and governance standards.
  • Creates and maintains Information Security documentation (end-user guides, system administrator guides, policy, and procedure documents, etc.) using clear and concise language.

Job Requirements, Competencies, and Skills

  • The position has the following minimum requirements:
    • Five plus years of Information Technology experience.
    • Three plus years of demonstrated “hands-on” IT information security engineering experience.
    • Two plus years of demonstrated experience with cybersecurity management functions.
    • Two plus years’ experience managing BCP / DR Exercise and Incident response testing.
    • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM).
  • High school diploma or GED is required. Bachelor’s degree in computer science, information technology or other related degree is strongly preferred, however a combination of education and related work experience may be considered.
  • Knowledge of relevant regulations and standards, such as FFIEC, SOX, PCI, and NCUA / OCC preferred.
  • In-depth knowledge of security technologies and tools, such as firewalls, intrusion detection and prevention systems, endpoint protection, and patching, vulnerability, and identity management tools and processes.
  • Technical knowledge of Windows server and desktop operating systems and related technologies. Experience supporting virtualized environments, particularly Virtual Desktop Infrastructure and Azure Cloud hosted and M365 environments.
  • Excellent problem-solving, organizational, analytical, time management, verbal, and written communication skills.
  • Working knowledge of ITIL Service Management-based ticketing systems.
  • Results Driven, Adaptive Thinking, Digital Proficiency.
  • Good understanding of network protocols (for example: TCP/IP, DNS, DHCP etc.)
  • Excellent communication and interpersonal skills, with demonstrated ability to present information in a group or individual setting.
  • Previous experience with Cloud PaaS and SaaS technologies (e.g., Azure Files and Managed SQL, VOIP).
  • Ability to respond to Cyber Security alerts and incidents during off hours is required.
  • Ability to physically lift, carry and install equipment weighing up to 25 lbs.

Environmental / Physical / Mental Requirements

  • Stable internet connection with speeds high enough for video conferencing and screen sharing.
  • Smartphone with current iOS/Android OS
  • Ability to communicate with coworkers and customers via email, chat, teleconference, and/or phone.
  • Prolonged periods sitting at a workstation and working on a computer.

Compliance/legal requirements

Quorum is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will be considered for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, marital status, protected veteran status, or disability status.

Quorum will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990. Reasonable accommodations are available upon request for qualified individuals with disabilities throughout the application and employment process.

Salary Range: $120,000 to $140,000 annually. Individual salary will vary based on skills and experience. Discretionary incentive compensation may be available based on company and individual performance.

Benefits: Medical, Vision, Dental, Retirement Benefits, and Paid Time Off (PTO)


Experience

Required
  • 5 year(s): High school diploma or GED is required. Experience required: 5+ years of Information Technology experience; 3+ years of demonstrated “hands-on” IT information security engineering experience; 2+ years of demonstrated experience with cybersecurity management functions; and 2+ years’ experience managing BCP/DR Exercise and Incident response testing. Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification is required.

Education

Required
  • High School or better

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)