The Information Security Manager is the process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of company information resources in compliance with applicable security policies and standards. The Information Security Manager is the process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of company information resources in compliance with applicable security policies and standards.This consults and partners with internal technical staff and business leadership as well as each business unit to enforce and verify compliance of information security standards. This is a hands-on position that will perform security analysis tasks and reporting, IS policy and procedure development, and other IT Infrastructure tasks. The Information Security Manager is a member of the information technology department, in the infrastructure team, with global responsibilities.Additional responsibilities: Ensures compliance with Federal, State, and local laws, regulations, codes, and/or standards, globallyEnsures IS Program features are regularly tested throughout the yearRemains current on developments in the cyber-security industry including: security alerts, bugs, zero day issues, vulnerabilities, viruses, and malware, providing evaluation and recommendations depending on their potential impact to the CompanyProvides organizational tactical and status reports on ongoing improvements to the overall IS Program, risk assessments, tests, and security control changes to the enterpriseManages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterpriseProvides regular updates and/or responses to regulatory & internal assessments to: Supervisory Committee, Risk Management Committee, Compliance Committee, Senior Management and the Board as neededDirects security activities and assessments with key 3rd party security partners and develop the responses, the remediation, and ongoing adherence from those reportsEnsures there are no repeat IS security related findings from regulatory and 3rd party exams (ie. NCUA, 3rd party audits)Works closely with IT and Vendor management teams in providing timely security reviews & assessments to potential technologies being considered by the organizationWorks closely with the Management team and Learning & Development to ensure that Security Awareness training remains a current, positive training solution for employeesRequired Skills: Demonstrate knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment.Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework.BA/BS in Computer Science or equivalent and at least 7 years of practical IS/IT work experience with direct knowledge surrounding enterprise security technologies such Privileged Access Management systems, Next-gen firewalls, VPN, IPS/IDS, content filters, Endpoint Security systems, AV, and similar.Experience utilizing common frameworks including FFIEC, NIST, ISO.Formal certification in Information Security Management preferred (CISSP or equivalent)5+ years technical experience in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management.Experience with managing small focused teams.Advanced hands on knowledge of information security principles and practices, including any of the following: NIST CSF, security risk assessment standards, risk assessment methodologies, and vulnerability assessments.High level of knowledge in Windows, Linux, Network, and Cloud security.Excellent oral and written communication skills; ability to interact with internal and external stakeholders.Must demonstrate strong analytical, reasoning and problem solving skills.Ability to carry a mobile device and provide off hours support as required.Ability to travel across all Company sites, domestic as well as international.Discretion and Judgement:Employee will often set their own priorities based on general guidelines and direction.Employee must often compare alternative courses of action and make logical decisions.Employee must work well with ambiguity and tasks will not always be routine.Employee will have the authority and will be expected to make some decisions on their own, without direct guidance from supervisor.Minimum Qualifications: Minimum 3-5 years information security analyst experience.CISSP, CISM, CCSP, or SSCP certification.Bachelor s degree.