Information Security Program Manager

at  Columbia Credit Union

ABOUT COLUMBIA CREDIT UNION

Columbia CU is a full-service financial institution with $2.3 billion in assets, over 100k members and we pride ourselves in our commitment to “Making Life Better” in the communities we serve. Since 1952, our commitment toward “Making Life Better” has earned us accolades and we are honored to be the recipient of several local community recognitions:

• Best of Clark County Award / The Columbian: 2008-2023
• Best in Business Award / Vancouver Business Journal: 2013-2023
• Corporate Philanthropy Award / Portland Business Journal: 2017-2023

REQUIREMENTS

• 2-5 years relevant Security Experience, 7 years comprehensive experience
• Professional Security certifications preferred: GSEC, CCSP, AWS CSS, CASP+, CISSP
• Experience with technologies from the public cloud (AWS or Azure).
• Experience with technologies like Git, Terraform, Docker.
• Proficient in adopting security practices across an enterprise.
• Demonstrated skill in identifying exploits and vulnerabilities and providing remediation recommendations in a network and server environments.
• Knowledge of emerging threats and ability to stay abreast of developing threats and cyber vulnerabilities and skill to relate to management how these emerging threats may or may not apply to CCU.
• Ability to mentor other employees to improve their skills and effectiveness.
• Ability to design, budget, implement, and deliver projects in a timely manner.

EXPERIENCE

Required

• 7 year(s): Comprehensive IT
• 2 - 5 years: Information Security

SKILLS

Required

• Program Management
• Budget Planning
• Mentor

ABOUT THE ROLE

The Information Security Program Manager provides security oversight regarding Columbia Credit Union’s (CCU) technologies as defined by the CIO in fulfillment of the Information Security program guidelines. This role is critical to helping protect the organization by providing security program management to ensure information assets are protected. Oversight is achieved through the design, architecture, and implementation of security solutions. The Information Security Program Manager provides coordination and support to incident response. The Information Security Program Manager will partner with technology development and operations to ensure that systems meet company policies and standards as well as legal and regulatory requirements. The Information Security Program Manager will work with HR, Incident Response Team, and Enterprise Risk Management to conduct computer forensics investigations. The position will work closely with Development, Operations, and Information Services personnel to ensure that security best practices are effectively employed.
Reporting Structure: Position will report to SVP/CIO with oversight and guidance from the Chief Risk Officer (CRO).

RESPONSIBILITIES

This position helps fulfill the Sec in the DevSecOps model. Large scale systems development is not required, but we do want this individual to be able to help the team achieve objectives. Example: You should be able to build a module for the team and show how to integrate and help merge the module with a service.

• Advise Columbia Credit Union enterprise development, security, and engineering teams to formulate and drive an enterprise-wide strategy on implementing and enforcing least privilege security principles across our platforms.
• Collaborate with other teams to identify, resolve, and mitigate vulnerabilities.
• Oversight of the SIEM, Vulnerability Scanning, and Anti-Malware systems, and other security related systems.
• Understanding of secure hybrid cloud configuration, (CloudTrail, AWS Config, etc.), hybrid cloud security technologies (VPC, Security Groups, Security Hub) and hybrid cloud permission systems (IAM).
• Work with Columbia Credit Union enterprise development, security, and engineering teams to formulate and drive an enterprise-wide strategy on implementing and enforcing least privilege across our platforms.
• Lead in creation and review of documentation and policy on enterprise security standards and best practices. Including preparing for and conducting responses during audits regarding information security.
• Manage and oversee the Firewall Auditing process, ensuring compliance with security policies and regulatory requirements.
• Coordinate vulnerability reporting activities, including identification, assessment, and remediation of security vulnerabilities across CCU’s systems.
• Manage security event management processes to promptly detect, investigate, and respond to security incidents.