About Gulf Winds

Gulf Winds Credit Union offers financial products and services that Move Members Forward. Since our founding in 1954, we have grown from a single branch at the Chemstrand Nylon Plant in Pensacola, Florida, to a regional institution with over $1 billion in assets and 80,000+ members across Florida, Alabama, and Georgia. Our team collaborates daily to guide members on their financial journey and provide a simple experience beyond expectations.

We're about more than banking.
We care for our team, members, and communities by investing in their success.

We believe your journey matters.
We guide members along life's moments and milestones.

We provide solutions, not obstacles.
Backed by our people, we leverage technology and financial resources to provide a great experience, simply.

We create opportunities for a better tomorrow.
Our strength provides the path to your dreams.

Working at Gulf Winds

Working at Gulf Winds is not just a job, it’s a career. We’re hiring collaborative, motivated people who want to love what they do. At Gulf Winds, we are forward-thinking and family oriented. We recognize and reward excellent member service and, most importantly, have fun while working hard. When you join the Gulf Winds team you can expect:

• Open and transparent communication with your leaders
• Consistent coaching and opportunities to improve performance
• Collaborative and team-focused environments
• Short and long-term professional development
• Opportunity to participate in cross-functional projects

Job Description

Role:

The Information Security Manager will be responsible for the research, development, implementation, testing and reviewing of the Credit Union's overall information security to protect information and prevent unauthorized access. The primary objective of this position is to directly manage the protection, defense, remediate, and availability of information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation of the Credit Union information and information systems through the creation and implementation of the security program.

This position assumes a management role in information security for all critical and significant aspects of the organization's technology, including controlling and protecting company proprietary and confidential consumer information. This position manages compliance with information security policies and practices, applicable regulatory guidance, and financial services industry best practices for information security management and assurance.

Essential Functions & Responsibilities:

Creation and implementation of the Annual Information Security Program. Develops and writes policies and procedures concerning IT requirements for security testing, documenting, and process improvement. Report on the effectiveness of the Information Security Program using the information security measures and metrics. Proposes necessary policy changes to ensure adequate systems security and compliance with NCUA Section 748.

Manage security risk assessments to include, but are not limited to, vulnerability assessments, penetration tests, permissions assessments, and IT resources with vendors and internal staff.

Responsible for gathering information necessary to maintain security and establish functioning internal and external barriers such as firewalls, intrusion detection/prevention systems, anti-virus and malware, and other security measures. Coordinates information security initiatives with IT and Risk stakeholders. Routinely review the credit union computing environment, logs, and network traffic for activities including but not limited to policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.

Develops and reviews IT Security change management activities across the organization to ensure secure and compliant information security operations.

Coordinates and implements IT security awareness training for employees and members across the credit union computing environment.

Partner with IT in the design, implementation, and support of an effective, secured system access and total security environment for all data systems.

Assumes a reporting role in the Information Security Committee; providing recommendations as necessary.

Keeps abreast of new technologies and systems security through self-learning or structured courses.

Provides enterprise-wide expertise in Vendor Management and Project Management security reviews and assessments.

Performs other job-related duties as assigned.

Performance Measurements:

1. Provides recommendations for any new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures.

2. Meets department standards for response to team member requests for assistance with security concerns.

3. Meets deadlines for completion of assigned projects / provides valuable input with response to project success and fulfillment.

4. Accurately maintains security logs and permission documentation where appropriate.

5. Provides evolving information security training to Gulf Winds team members.

6. Drafts and enforces Information Security regulations, Information Security Policy, and Information Security Standards and Procedures.

7. Complies with all applicable rules, regulations, and policies, including but not limited to BSA, OFAC, and Physical Security.

Knowledge and Skills:

Experience: Five to eight years of similar or related experience.

Education: Equivalent to a college degree and a professional certificate or a graduate degree. CISO or CISSP preferred.

Interpersonal Skills: Work frequently involves exercising advanced conflict resolution, giving material presentations, and resolving issues impacting multiple departments or divisions. Role also requires the ability to motivate or influence others as a material part of the role, with a significant level of diplomacy and trust. Obtaining cooperation (internally and/or externally) is an important part of the role and a high level of interpersonal skills is critical to the success of this position.

Other Skills: Demonstrated knowledge of IT Security practices and procedures. Strong working knowledge of change control practices and security administration (e.g., access control and system hardening, and security policies). Ability to recognize and appropriately handle sensitive and confidential information. Credit union or financial services experience is a plus.

Physical Requirements: Light or low amount of physical exertion.

This Job Description is not a complete statement of all duties and responsibilities comprising the position.

Gulf Winds is an Equal Opportunity Employer. Drug Free Workplace.