Manager, Cyber Operations

The Manager, Cyber Operations is responsible for ensuring the successful execution of operational and project-related activities associated with the Credit Union’s IT Security systems. This role manages Information Security Engineers II and the Cyber Operations Analysts by providing day‐to‐day guidance on tasks including those related to data security related activities. The role is also responsible for addressing gaps and minimizing ongoing risks associated with IT Security’s operational functions in conjunction with other IT teams, Internal Audit, and Enterprise Risk Management functions.

1)      IT Security Operations Support & Maintenance (50%)

a)       Supervise the activities of the Cyber Operations and Security Operations teams.

b)      Oversee SolarWinds Observability network monitoring, management and alerts.

c)       Oversee WPCU’s Vulnerability Monitoring, Assessment & Management program.

d)      Ensure IT security applications, appliances, and servers are maintained with proper

security patches and hardware/software updates.

e)      Ensure assigned IT Security vendors comply with regulatory, contractual, licensing, and

service level agreements.

f)        Leads the cyber incident response phases of identification, containment, eradication,

and recovery for any intrusions or ransomware.

g)       Coordinate with the WPCU ISO in the evaluation, selection, and implementation of

security solutions and/or tools as part of the overall IT security program.

h)      Act as the vendor‐owner for assigned IT Security managed services providers and

participate in vendor due diligence reviews, including annual performance assessments.

i)        Ensure assigned business units are operating efficiently and reliably, comply with applicable laws, regulations, and rules, have appropriate operating controls to mitigate risk, and are performing at a high level.

2)      Leadership & Personnel Management (35%)

a)       Assign, prioritize, track, and review progress on tasks for assigned staff.

b)      Perform Resource planning and estimating.

c)       Supervise, coach, and regularly review the performance of staff.

d)      Execute coaching improvement plans and make recommendations for promotions.

e)      Participate in regularly scheduled IT Leadership Team staff meetings.

f)        Take part in Disaster Recovery and/or Business Continuity triage efforts as assigned or

required by the BCP Command Team during a formally declared event.

3)      Planning and Budgeting (10%)

a)       Provide the Project Management Office with work effort estimates on projects.

b)      Ensure proper time tracking by staff and approve time entry.

c)       Create vendor SOWs as needed and handle associated invoice approvals.

d)      Provide input to the IT budgeting and planning processes throughout the year.

e)      Contribute to the overall technology strategy and rolling IT 3‐Year Operating Plan.

4)      Internal Audit and Regulatory Exam Support (5%)

a)       Provide input to annual regulatory exams and third-party IT audits conducted by Internal Audit.

b)      Provide input to various Risk Assessments conducted by Enterprise Risk Management.

This role is skilled and knowledgeable in information security protection and programs, reporting, communications processes, and continuous improvement: 

1)      Bachelor’s Degree in Business, Information Technology, Information Security, Computer Science, or a related field of study.

2)      Seven (7) or more years of experience in the information technology field with at least 3 years of

experience in support of information security and/or network security technologies.

3)      Three (3) or more years of prior supervisory/leadership experience at the Manager or Technical

Lead level; must have managed work efforts in a complex, enterprise environment.

4)      Experience in managing and maintaining SolarWinds Observability solutions

5)      Proven experience and expert‐level knowledge of Microsoft Windows operating systems and

Microsoft Active Directory.

6)      Demonstrated knowledge of computer networking and secure protocols (e.g. SSL, FTPS, HTTPS,

IPSEC, etc.). A Network+ or Cisco Certification is preferred.

7)      Proficiency in security technologies such as user access management, security monitoring, and

data encryption.

8)      Experience supporting IT or Information Security in a financial institution is desired.

9)      Knowledge of new and/or innovative initiatives that have improved efficiency, quality, security,

and service levels within the IT security arena.

10)  A current CISSP or CISM certification is a plus.