Chevron Federal Credit Union · 22 hours ago
Business Information Security Officer
Chevron Federal Credit Union is one of the top-run credit unions in the country, known for its strong corporate culture and commitment to employee well-being. The Business Information Security Officer will oversee and implement the information security program, managing risk, ensuring compliance, and protecting the Credit Union’s assets and data.
Responsibilities
Responsible for aligning security initiatives with enterprise programs and business objectives and ensuring that information assets and technologies are adequately protected
Develops and implements a comprehensive information security program to protect the Credit Union’s assets, infrastructure, and sensitive information
Drives the integration of security best practices into business processes and projects
Chairs the Information Security Council, bringing together key stakeholders from various departments to collaboratively shape and execute our security strategy
Collaborates with information security and cybersecurity counterparts in providing functional leadership and expertise to manage the security program and ensure consistent, effective implementation of best practices, policy, and procedures
Provides routine updates on security trends internal and external to the Credit Union and works with business management to prioritize initiatives and spending to reduce information security risk and improve the overall information security program
Ensures compliance with policies, regulations and laws
Responsible for assessment and mitigation of enterprise-wide information risk, including control monitoring, issue escalation, root-cause analysis, and development of risk responses
Conducts regular security risk assessments and control audits to identify vulnerabilities and ensure compliance with regulatory requirements
Identifies, assesses, and prioritizes information security risks and implements strategies to mitigate risks
Conducts annual information security asset-based risk assessment to identify and prioritize risks associated with our information assets and develop mitigation strategies with asset owners
Partners with business management to determine acceptable information security risk levels for the enterprise, including development of key risk indicator and risk appetite metrics
Ensures data privacy through development of proactive monitoring controls
Works with business to ensure least privilege principles are applied, enforced, and reviewed
Monitors completeness, timeliness, and accuracy of application entitlement reviews and drives control enhancements
Evaluates the information security posture of third-party vendors to inform vendor selection process
Supports the annual vendor management due diligence cybersecurity and information security assessments for critical and high-risk vendors with access to sensitive information or sensitive systems
Collaborates with vendor management and legal counsel to ensure contracts include necessary security clauses and provisions
Ensures third-party vendor onboarding and offboarding adhere to rigorous security standards to safeguard our data, information, and systems
Works with internal departments and third-party vendors to ensure compliance and adherence to data minimization processes, data handling practices, security controls, and relevant regulations
Collaborates with IT and technology teams to select, implement, and manage security technologies, such as firewalls, intrusion detection systems, encryption tools, and access controls
Oversees and evaluates third-party vendor security, with expertise in administering SIG Lite questionnaires and conducting thorough reviews of SIG Lite and SOC 2 reports to assess the security posture of external partners
Performs information risk assessments for new business initiatives introducing new vendors, technologies, products, and services to the enterprise
Partners with teams charged with designing new processes and applications or making major modifications to existing systems and processes to ensure auditability and security are considerations from the inception
Develops and executes action plans for completing projects related to the enterprise’s information security priorities
Creates thorough and accurate reports and provides status updates on projects, presenting recommendations to senior leadership on a routine basis
Establishes and maintains information security policies, standards, and procedures tailored to the Credit Union’s operations
Ensures policies and procedures are up-to-date, compliant with industry regulations, and communicated effectively to all relevant stakeholders
Cultivates a culture of security awareness and compliance throughout the organization
Develops and delivers training programs, briefings, and materials (e.g., job aids and online courses) to educate staff about information security best practices to safeguard the Credit Union’s sensitive data, information, and assets
Provides regular reports on the state of information security to senior management, the board of directors, regulators, and other stakeholders
Stays informed of industry trends, industry best practices, and emerging technologies related to information security
Develops, implements, and maintains an effective incident response plan involving internal or third-party incidents
Leads incident response efforts and coordinates responses to security incidents ensuring timely containment and comprehensive investigation, recovery, and response
Other duties as assigned
Qualifications
Required
A minimum of 7 years of progressive experience with information security roles and related experience in developing and operating an information security program
Experience with financial services security programs
Bachelor's degree in information security, computer science, or a related field
Strong knowledge of security standards required (e.g., NIST, ISO/IEC 27000, PCI DSS, COBIT, ITIL)
Knowledge of information security or privacy-related regulations/guidelines (e.g., GLBA, CCPA, GDPR, FFIEC)
Knowledge in administering and reviewing SIG Lite or SOC 2 documentation to assess the security posture of third-party vendors
Extensive knowledge in network function, design, and architecture
Continuously maintains a working knowledge of information technology, particularly how systems and applications integrate with business processes and operations
Ability to write and speak effectively in English using correct spelling and grammar
Basic math skills including the ability to compute rates, ratios, and percentages using a 10-key
Proficient in the use of basic applications in a Windows-based environment, including Outlook, Word, and Excel
Moderate keyboard skills at 40 wpm
Excellent customer service skills
Strong interpersonal skills with an ability to partner effectively across all levels of the organization and develop positive and strong working relationships
Conceptual thinking and analytical skills with the ability to analyze complex problems that include interrelationships and dependencies to identify common themes and solutions
Demonstrated discretion and maturity in facilitating sometimes uncomfortable discussions with senior management on confidential and sensitive risk topics
Ability to learn quickly and adapt to change; ability to quickly learn specialized applications and systems
Initiative and self-direction
Ability to effectively communicate and collaborate with people at all levels
Sound problem-solving and decision-making ability, including the ability to prioritize
Ability to understand and align with our core competencies through daily projects and tasks
Preferred
Master's degree or relevant certifications (e.g., CISSP, GIAC, CISM, CISA)
Professional audit and/or project management experience
Benefits
Bonus/incentives for all regular employees
401(k) with 8% company contribution
Medical, dental, and vision insurance for employees and dependents paid at 80%
PTO and paid sabbaticals
Tuition reimbursement
Company
Chevron Federal Credit Union
Chevron Federal Credit Union is a financial institution that offers quality products and services to help members achieve financial success.
H1B Sponsorship
Chevron Federal Credit Union has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (1)
2021 (1)
Funding
Current Stage
Growth Stage
Company data provided by crunchbase