
Vice President - Information Security Risk
Job Description and Requirements
The Vice President - Information Security Risk will provide key leadership in identifying, assessing, and managing information technology/security risk across the Credit Union, ensuring that risk exposure is aligned with strategic objectives, the risk profile, and regulator expectations. In addition, the role will collaborate with senior management, business units, and regulators to develop and implement effective risk management frameworks, policies, and practices. This includes establishing a second line of defense information technology/security risk oversight program to identify, measure, monitor, and report related risks along with the overall effectiveness of the Credit Union's Information Security Program.
Essential Functions and Responsibilities:
- Develop and establish a second line of defense information technology/security risk framework and oversight program to oversee information technology/security activities across the enterprise
- Develop, establish, and enforce information technology/security risk standards; measure and report on adherence to defined standards
- Perform oversight activities such as risk reviews, risk assessments, control monitoring, and validation testing to identify information technology/security risks or non-compliance with policies, program procedures and standards, applicable laws, rules or regulations
- Engage with key stakeholders to develop proactive risk mitigation strategies for areas of non-compliance or increased risk; review and validate mitigation plans to ensure identified risk is mitigated to an acceptable level
- Develop and maintain key metrics to monitor and oversee information technology/security risks in accordance with the Credit Union's Risk Appetite; report results to management, senior leadership, and applicable risk or Board-level committees
- Collaborate with the Enterprise Risk Management (ERM) function to ensure integration and reporting of information technology/security risks within the ERM program
- Monitor industry trends and emerging risks to inform or recommend enhancements to the information security program accordingly
- Collaborate with senior management and business units to establish a culture of information security by actively promoting security awareness and shared responsibility
- Actively seek regular discussions with key stakeholders to provide risk guidance, consultation, and credible challenge for implementations or changes in information technology/security activities
- Serve as liaison and support during internal/external audits or regulatory examinations of the information security program
- Consistently model conflict resolution, tact, and negotiation skills through appropriate persuasion and genuine empathy throughout all interactions
- Coach and train direct reports in information technology/security risk identification, risk analysis, risk measurement, control development & testing; also provide mentoring and professional development opportunities to direct reports
- All other duties as assigned (Note: essential functions and responsibilities may change, or new ones may be assigned at any time with or without notice)
Requirements:
- Bachelor's Degree (Information Systems, Cybersecurity, Computer Science, Business preferred)
- Minimum 5 years of information technology, cybersecurity, governance, risk management or other related work experience, OR 10 years of related work experience in lieu of a degree (experience within financial institutions or another regulated industry is a plus)
- Minimum 5 years of management experience
- Comprehensive knowledge of and experience in applying IT and information security standards and governance frameworks (NIST CSF, CIS Controls, etc.)
- Knowledge and experience in applying risk management practices, including risk identification, risk analysis, risk measurement, control development and testing
Skills and/or Certification/Licensing:
- Information security, risk or audit related designation or certification, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other equivalent
- Proficient oral and written communication and presentation skills, specifically for briefings to upper management and executive committees with both technical and non-technical backgrounds
- Strong leadership, staff management, and project management skills
- Strong organizational and time management skills
- Strong relationship building and problem solving skills
- Sound judgment and critical thinking skills, with the ability to think strategically while considering the impact on credit union operations and on safety and soundness
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
