Director, Information Security

San Francisco Federal Credit Union
San Francisco, United States of America
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 175K

Job location

San Francisco, United States of America

Tech stack

Artificial Intelligence
Software System Penetration Testing
Cloud Computing
Cloud Computing Security
Computer Security
Identity and Access Management
Information Security Management
Network Security
PCI Data Security Standards
Cloud Services
Phishing
Security Information and Event Management
Software Vulnerability Management
Information Technology
Patch Management
Integration Frameworks

Job description

The Director of Information Security is responsible for leading and overseeing the Credit Union's information security, cybersecurity, and technology risk management programs. This role is accountable for protecting organizational systems, networks, applications, and data while ensuring compliance with regulatory requirements and industry best practices.

Reporting directly to the Chief Technology Officer (CTO), with a dotted-line reporting relationship to the Chief Risk Officer (CRO), the Director of Information Security partners closely with Information Technology, Risk, Compliance, Internal Audit, and business leaders to strengthen the organization's cybersecurity posture, manage technology-related risk, and support operational resilience.

The Director will lead information security operations, governance, incident response, vulnerability management, business continuity coordination, security awareness, and third-party technology risk oversight while helping enable secure digital transformation and member trust., Information Security Strategy & Governance

  • Develop, implement, and maintain the Credit Union's enterprise information security program and cybersecurity roadmap.
  • Establish security policies, standards, procedures, and controls aligned with organizational objectives and regulatory expectations.
  • Partner with executive leadership to identify and manage information security and technology-related risks.
  • Provide regular reporting and updates on security posture, incidents, vulnerabilities, and remediation efforts.
  • Promote a culture of security awareness and accountability across the organization.

Cybersecurity Operations

  • Oversee cybersecurity monitoring, threat detection, incident response, and remediation activities.
  • Lead vulnerability management, penetration testing coordination, patch management oversight, and security assessments.
  • Manage endpoint security, identity and access management, email security, network security, and cloud security controls.
  • Coordinate response efforts for cybersecurity incidents, including investigation, containment, recovery, and post-incident analysis.
  • Maintain and test incident response procedures and escalation protocols.
  • Oversee BYOD policy enforcement, mobile device security, and personal device risk controls.
  • Monitor threat intelligence sources and dark web indicators relevant to member data and organizational risk.
  • Collaborate with fraud and operations teams on account takeover, ACH fraud, and identity-related threats at the security/fraud intersection.

Risk Management & Compliance

  • Partner closely with the Chief Risk Officer on enterprise risk management initiatives related to information security and technology risk.
  • Ensure compliance with NCUA, FFIEC, GLBA, PCI-DSS, and other applicable regulatory and cybersecurity requirements.
  • Ensure compliance with NCUA 12 CFR Part 748 cybersecurity incident notification requirements.
  • Support internal and external audits, examinations, and regulatory reviews.
  • Oversee third-party technology risk assessments and vendor cybersecurity reviews.
  • Participate in business continuity and disaster recovery planning, testing, and resilience efforts.

Security Awareness & Training

  • Develop and administer enterprise-wide information security awareness and training programs.
  • Conduct phishing simulations, employee education campaigns, and ongoing awareness initiatives.
  • Provide guidance to leaders and employees regarding cybersecurity best practices and emerging threats.

Technology Partnership & Project Support

  • Collaborate with IT and business teams to ensure security requirements are integrated into technology projects and system implementations.
  • Provide security guidance for digital banking platforms, cloud solutions, third-party integrations, and new technologies.
  • Evaluate and design security architecture across on-premise, cloud, and hybrid environments, and recommend improvements to strengthen the overall security posture.
  • Support AI governance and emerging technology risk assessments, including participation in enterprise AI evaluation and policy development.

Requirements

  • Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, or related field required; advanced degree preferred.
  • Minimum of 7 years of progressive information security or cybersecurity experience, preferably within financial services or a regulated industry.
  • Minimum of 3 years of leadership or management experience.
  • Experience with cybersecurity operations, regulatory compliance, risk management, and incident response.
  • Credit union or banking industry experience strongly preferred.

Knowledge, Skills & Abilities

  • Strong understanding of cybersecurity frameworks, governance, and risk management principles.
  • Knowledge of financial institution regulatory requirements including FFIEC, NCUA, GLBA, PCI-DSS, and vendor management expectations.
  • Experience designing and evaluating security architecture across on-premise, cloud, and hybrid environments.
  • Experience with SIEM tools, endpoint protection, vulnerability management, identity and access management, and cloud security.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication and executive presentation abilities.
  • Ability to balance operational responsiveness with strategic planning.
  • Strong collaboration and relationship-building capabilities.

Preferred Qualifications

  • Industry certifications such as CISSP, CISM, CRISC, CEH, or similar.
  • Experience supporting digital banking platforms and financial services technologies.
  • Experience with cybersecurity audits, examinations, and remediation programs.
  • Familiarity with business continuity and disaster recovery frameworks., * Strategic thinking & execution
  • Accountability & ownership
  • Stakeholder influence
  • Change leadership
  • Continuous improvement
  • Member / customer-centric mindset, This role exercises independent judgment in areas such as prioritization, resource allocation, policy/process recommendations, and execution of initiatives aligned with organizational objectives.

Benefits & conditions

770 Golden Gate Avenue, San Francisco, CA 94102 Hybrid work $160,000 - $175,000 a year - Full-time

About the company

San Francisco Federal Credit Union is a member-driven financial institution committed to delivering exceptional service, strengthening our community, and creating a people-first culture. We invest in our people and empower leaders to drive meaningful impact for our members, teams, and communities.

Apply for this position