TDECU · 12 hours ago
Director - Information Security
Houston, TX
Full-time
Onsite
Lead/StaffTDECU is a credit union focused on enhancing its information security program. The Director of Information Security will oversee the development of security architecture, monitor regulatory changes, and manage cyber risks to protect digital assets while aligning security with business objectives.
Auto InsuranceBankingCreditFinancial ServicesHealth InsuranceInsuranceLife Insurance
Responsibilities
Directs and oversees the development and maintenance of information security architecture patterns in alignment with the greater enterprise strategy that enables the enterprise information security program
Monitors regulatory environment for emerging requirements that will affect the Credit Union's information security program and initiatives
Protects digital assets by developing security programs and by managing threats to the organizations most critical assets and data
Evangelizes key security initiatives to gain buy-in from C-Level and other business leaders throughout the organization
Aligns business objectives with security objectives by combining people, processes and technology
Identifies the appropriate resources needed to advance the security program and presents business case to Leadership to gain support
Actively qualifies and quantifies cyber-risk in business terms that accurately reflects the overall risk position of the TDECU board and its members. Leverages the risk assessment to inform strategy and tactics
Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks
Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats. Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk
Identifies threats to the enterprise and determines the level of threats and the appropriate action(s) to take to avoid damages based on strategic NIST Cyber Framework adopted in security operations
Determines the level of reporting based on relevant metrics to track the health of the program based on events and incidents
Determines the tools needed to protect, detect and recover from security incidents and proposes the technology and process changes to leadership for implementation
Reports and incidents to relevant stakeholders with a short-term approach to control current incidents as well as a strategic plan to prevent recurring incidents
Develops a comprehensive plan to attract, train and retain security professionals with the requisite skills and interest in pursuing a cybersecurity career at TDECU
Develops a comprehensive plan to maintain the skill level of existing employees (and third-party service personnel) on a regular basis to evolve skill levels that coincide with the existing and emerging threat landscape that is relevant to the TDECU business and data assets
Monitors the threat landscape specifically to the credit union business vertical as well as those specific to TDECU and takes preventive action through a robust cyber-security awareness and education program and evangelizes the program to all employees and board members
Participates in the global information security community that monitors and explores all sources of information and leverages techniques and initiatives of other security executives by sharing experience and knowledge
Evangelizes to all TDECU employees their critical role on the information security team as well as all members of the information technology teams that they are subject matter experts and their knowledge in critical to the overall success of securing member information
Develops and executes on communications independently or with enterprise communications resources the risk of a faltering information security program to employees, managers, business leaders and board members by effectively communicating that information security risk is a business risk
Continuously communicates his/her role as a thought leader is to clearly demonstrate a commitment to protecting the organization, its members, and the member's most private data
Develops relationships throughout the organization that nourishes a spirit of cooperation and partnership to help further the information security mission and charter
Actively participates in aligned Incident Response and Business Continuity Teams
Qualification
Required
Directs and oversees the development and maintenance of information security architecture patterns in alignment with the greater enterprise strategy that enables the enterprise information security program
Monitors regulatory environment for emerging requirements that will affect the Credit Union's information security program and initiatives
Protects digital assets by developing security programs and by managing threats to the organizations most critical assets and data
Evangelizes key security initiatives to gain buy-in from C-Level and other business leaders throughout the organization
Aligns business objectives with security objectives by combining people, processes and technology
Identifies the appropriate resources needed to advance the security program and presents business case to Leadership to gain support
Actively qualifies and quantifies cyber-risk in business terms that accurately reflects the overall risk position of the TDECU board and its members. Leverages the risk assessment to inform strategy and tactics
Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks
Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats. Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk
Identifies threats to the enterprise and determines the level of threats and the appropriate action(s) to take to avoid damages based on strategic NIST Cyber Framework adopted in security operations
Determines the level of reporting based on relevant metrics to track the health of the program based on events and incidents
Determines the tools needed to protect, detect and recover from security incidents and proposes the technology and process changes to leadership for implementation
Reports and incidents to relevant stakeholders with a short-term approach to control current incidents as well as a strategic plan to prevent recurring incidents
Develops a comprehensive plan to attract, train and retain security professionals with the requisite skills and interest in pursuing a cybersecurity career at TDECU
Develops a comprehensive plan to maintain the skill level of existing employees (and third-party service personnel) on a regular basis to evolve skill levels that coincide with the existing and emerging threat landscape that is relevant to the TDECU business and data assets
Monitors the threat landscape specifically to the credit union business vertical as well as those specific to TDECU and takes preventive action through a robust cyber-security awareness and education program and evangelizes the program to all employees and board members
Participates in the global information security community that monitors and explores all sources of information and leverages techniques and initiatives of other security executives by sharing experience and knowledge
Evangelizes to all TDECU employees their critical role on the information security team as well as all members of the information technology teams that they are subject matter experts and their knowledge in critical to the overall success of securing member information
Develops and executes on communications independently or with enterprise communications resources the risk of a faltering information security program to employees, managers, business leaders and board members by effectively communicating that information security risk is a business risk
Continuously communicates his/her role as a thought leader is to clearly demonstrate a commitment to protecting the organization, its members, and the member's most private data
Develops relationships throughout the organization that nourishes a spirit of cooperation and partnership to help further the information security mission and charter
Actively participates in aligned Incident Response and Business Continuity Teams
Company
TDECU
Founded in 1955, TDECU formed when a group of Dow employees pitched in $5 each to loan a friend $35 to buy a refrigerator.
Founded in 1955
1001-5000 employees
Funding
Current Stage
Late StageLeadership Team
I
Isaac Johnson
President & Chief Executive Officer
Recent News
2026-01-22
2025-12-09
2025-12-04
Company data provided by crunchbase