Overview
The Director, Chief Information Security Officer (CISO) leads OnPoint’s enterprise-wide security program, overseeing strategy, operations, and budget to protect OnPoint's information assets. This role is responsible for security initiatives, policies, standards, evaluations, and promoting staff and organizational awareness. The CISO works closely with the Chief Risk Officer (CRO), Chief Legal Officer (CLO), and senior management to ensure that technology and physical controls align with regulatory and corporate policy. Appointed by the CEO, the CISO develops and implements flexible, reliable, and maintainable security solutions, assesses risks in both existing and planned systems, and delivers high-quality service to members and employees.
Responsibilities
Develop and Lead Information Security Program
- Create, implement, and regularly update a strategic security program to ensure the confidentiality, integrity, availability, and recovery of information assets. Drive the organization’s security roadmap, aligning it with industry standards and evolving threats.
Establish Policies and Ensure Compliance
- Define and manage security policies, standards, and controls to ensure system security and compliance with privacy laws and regulations. Oversee identity and access management, including documentation of access authorizations and segregation of duties.
Maintain Threat Awareness and External Partnerships
- Keep informed of industry threats and engage with external agencies to reinforce security posture against evolving risks.
Manage Regulatory Audits and Compliance
- Oversee regulatory exams and audits, ensuring timely remediation of findings or organizational risk acceptance. Regularly report security program status, risks, and trends to the Board, Senior Management, and Information Security Oversight Committee.
Lead Business Continuity and Incident Management
- Oversee the Business Continuity Program (BCP), Business Impact Analysis (BIA), and Disaster Recovery (DR) testing. Manage incident response, coordinating with law enforcement as needed.
Vendor and Budget Oversight
- Evaluate and manage vendors to support security objectives, aligning with departmental goals and budgetary constraints.
Team Leadership and Development
- Lead hiring, training, and performance management within the department to build and maintain a skilled information security team.
Qualifications
- Must have a Bachelor's degree in Business, Information Technology Management or related disciplines with 10 or more years of IT management experience. Other complementary management/business unit experience is a plus (fraud, enterprise risk management, compliance, enterprise governance).
- Must have recognized Information Security Certifications (e.g., CISSP, CISA, CISM, or CRISC).
- 7 or more years of directly related information security leadership experience.
- 3 or more years of experience interacting with Senior Management, Supervisory Committees and/or Board of Directors.
- Proficiency using MS Office products such as Excel, Word, PowerPoint, Outlook and Office 365.
- Master's degree in Business or Technology and experience in a financial institution preferred.
- Must also demonstrate conduct consistent with our Corporate Values.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is occasionally required to stand; walk; use hands to finger, handle, or feel; and reach with hands and arms. Specific vision abilities required by this job include close vision.
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.
The noise level in the work environment is usually moderate.
At OnPoint, we believe a workplace that reflects the richness of the world fosters a welcoming and empowering environment for everyone. We're committed to equity and inclusion, and consider all qualified applicants embracing every race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and your unique background.
We encourage you to apply if you're passionate about this opportunity and have the core qualifications. Your unique experiences and skills are what make you a strong candidate. Don’t let imposter syndrome hold you back! Our recruitment process is designed to be inclusive and accessible to all. If you need any accommodations during the application or interview stage, please let us know. We're dedicated to providing what's necessary to ensure a fair and inclusive experience.
Job Details
- Job Family: Technology
- Job Function: Technology
- Pay Type: Salary