Title: VP, Information Security
Standard Hours: 40
Primary Location: Home Office
Reports to: CIO
Position Summary
The Vice President of Information Security leads a modern, business-aligned security program across the organization’s Microsoft-based environment.
This role blends security leadership with cloud architecture and reliability principles, ensuring systems are not only protected, but also resilient, observable, and continuously improving.
The VP will work closely with internal teams, vendors and a managed service provider (MSP), maintaining accountability for outcomes while enabling efficient, scalable operations.
________________________________________
Core Responsibilities
Security Program Leadership
• Manage and maintain a risk-based, right-sized security program aligned to business priorities
• Manage security controls that balance protection, usability, and system performance
• Translate risk into clear, actionable decisions for leadership
________________________________________
Cloud Security, Architecture & Reliability
• Working with our vendors, ensure systems are architected with:
o Strong identity and access controls
o Secure configurations
o High availability and resilience
• Partner with MSP and IT to build secure, scalable, and fault-tolerant systems
• Promote infrastructure consistency and automation
________________________________________
Observability, Monitoring & Metrics
• Manage and enhance monitoring, logging, and alerting across all platforms
• Define and track key security and reliability metrics, such as:
o Incident detection and response times
o Vulnerability remediation timelines
o System availability and performance
• Improve visibility into system behavior to support faster, more effective decision-making
________________________________________
Incident Response & Continuous Improvement
• Lead all aspects of incident response, including coordination with MSP, COO, and CIO
• Conduct root cause analysis and implement corrective actions
• Drive a culture of continuous improvement, reducing repeat incidents over time
• Ensure systems and processes evolve based on lessons learned
________________________________________
MSP Management & Operations
• Manage the MSP relationship, ensuring accountability and performance
• Oversee:
o Security monitoring
o Alert triage and response
o Vulnerability management
o Desktop maintenance and issue resolution
• Define SLAs and ensure operational effectiveness
________________________________________
Risk, Compliance & Audit
• Working with internal and external resources, lead SSAE 18 / SOC audits, including preparation and remediation coordination.
• Maintain existing policies, standards, and documentation aligned to actual risk
• Create new policies as identified
________________________________________
Business Continuity & Resilience
• Co-own business continuity and disaster recovery programs across the organization
• Participate in testing and improvement recommendations
________________________________________
Vendor & Partner Security
• Assess and monitor third-party security posture
• Integrate vendor risk into broader risk management practices
• Work with and manage other vendor partners to ensure best security practices and successful audits.
________________________________________
Security Culture & Awareness
• Promote a practical, accountable security culture
• Deliver targeted training and awareness programs to staff
• Stay current on threats and evolving best practices
________________________________________
Qualifications
• ~7–12 years in information security, cloud security, or related roles
• Experience with Azure and/or Microsoft 365 security and architecture
• Experience with monitoring, incident response, and cloud operations
• Familiarity with automation and modern infrastructure practices
• Experience working with MSPs or external service providers
• Exposure to SOC/SSAE 18 and regulated environments
________________________________________
Leadership Profile
• Hands-on and accountable, with both strategic and technical capability
• Focused on measurable outcomes and continuous improvement
• Pragmatic—balances security, reliability, and business needs
• Strong collaborator across technology, operations, and leadership
• Growth-oriented and eager to expand leadership scope
________________________________________
Work Conditions
• Sitting for extended periods of time
• Dexterity of hands and fingers to operate a computer keyboard, mouse, and other devices
• Physically able to participate in training sessions, presentations and meetings
• Some travel is required for the purpose of meeting with management, employees, and occasional credit union client meetings
AA EEO
