Information Security Manager

Job Type

Full-time

Description

About VCC:

Virginia Community Capital is a Community Development Financial Institution (CDFI) with a mission to create jobs, energize places, and promote an enhanced quality of life for Virginians. With offices in Christiansburg, Norfolk and Richmond, we offer innovative and flexible financing tools throughout the state. In addition, we provide professional advisory services to individuals and organizations in low-to-moderate income and underserved communities. VCC Bank is a state-chartered bank which is majority owned by VCC, which allows the organization to take deposits and make loans similar to a community bank.

About LOCUS:

LOCUS Impact Investing was created to provide a comprehensive set of tools to the increasing number of foundations, place-focused institutions and philanthropic individuals looking for innovative ways to invest in and transform their local communities. These tools range from strategic capacity building and community and economic development assessment to financial due diligence, fund aggregation, deal sourcing, investment servicing, monitoring and tracking to empower place-focused institutions to invest directly in community and economic development projects. We also partner with community foundations to create impact investing options for their donors wishing to engage in place-based investments that are aligned with their charitable intent. LOCUS is a wholly-owned subsidiary of the non-profit, Virginia Community Capital (VCC), a regulated, certified CDFI with over $350 million in assets under management.

Opportunity:

VCC is currently seeking an experienced Information Security Manger to be responsible for developing and managing Information Systems cyber security, including disaster recovery, data protection, and ensuring secure software and applications. The position reports to the Chief Technology Officer.

Position Overview:

The Information Security Manager is responsible for developing and managing Information Systems and policies related to cyber security, including disaster recovery, data protection, and ensuring secure software and applications. Develops and delivers IS security standards, best practices, architecture, training, and systems to ensure information security across the enterprise. Implements procedures and methods for auditing and addressing non-compliance to information security standards. Collaborates with IT Operations to migrate non-compliant environments to compliant environments. Evaluates the organization to ensure compliance with regulation and standards relevant to industry security norms. Ensures that project/department milestones/goals are met and adhering to approved budgets.

Essential Duties and Responsibilities

• Manage information security policies and procedures. Ensure that all policies and procedures support regulatory requirements and reflect industry best practices for an organization with the size and scope of VCC.
• Develop information security standards and document the security architecture to ensure internal and cloud-based IT systems appropriately protect the information assets of the organization.
• Develop and evaluate information security controls for the review of new and existing vendors.
• Serve as the primary point of contact for audits of VCC IT and collaborate with the Director of Internal Audit in response to internal audits and external examinations.
• Collaborate with IT Operations to ensure that deployed systems and services meet the requirements stipulated in relevant information security policies and implement appropriate physical and technical safeguards to protect the confidentiality, integrity, and availability of information assets.
• Assess the organization’s current and future information security needs and make recommendations to the CTO regarding tools, technologies, and strategies.
• Serve at the organization’s Information Security Officer (ISO)
• Collaborate with the organization’s risk management function to ensure that IT systems and organizational risks and mitigations are documented and in alignment with the approved Risk Appetite Statements.
• Collaborate with all business leaders to document system and data ownership and appropriate security controls across all business lines.
• Coordinate responses to information security incidents and collaborate with Director of IT and CTO on appropriate actions and communications.
• Develop and facilitate appropriate information security training for staff based on role within the organization.
• Serve as a subject matte expert on information security topics as needed and maintain current and relevant knowledge through training and collaboration with peers.

Requirements

Experience/Education/Certifications

• Minimum of 5 years information security work experience, including 2 or more years managing projects.
• Bachelor’s Degree in a relevant field or equivalent experience
• Bank or financial services IT experience a plus
• CISSP certification a plus

Computer/Technology:

• Excellent Word, Excel, and Windows file management skills mandatory
• Strong technical experience with Salesforce or other CRM tools
• Demonstrated web research skills
• Familiarity with Outlook or similar network-based email and calendar software
• Extensive computer usage and Microsoft Teams communication
• Must be able to work independently in a stable remote environment

Communication:

• Ability to communicate verbally across all levels of the organization in a clear, concise and confident manner.
• Ability to write accurate, clear and organized communications, incorporating a range of information and analysis. Ability to document workflow and procedures.

Mission/Vision/Organizational Values:

• Live and represent the values and mission of the organization – keeping diverse, equitable, and inclusive impact at the center of all efforts and execution
• Strong analytical and interpersonal skills with a demonstrated ability to establish and maintain effective working relationship with others and successfully interact with people at all management and support levels, as well as people of diverse socio-economic backgrounds
• Ability to organize and prioritize work activities to meet deadlines and ensure high quality work products
• High level of adaptability and flexibility required
• Ability to travel as required
• Alignment with the organizational goals:
• Sensitivity to racial, gender, sexual orientation and cultural differences and treat everyone with dignity and respect
• Effective, respectful, and timely communications with internal and external stakeholders
• Analytic, thoughtful and strategic thinking and thoroughly aware of organizational goals and strategic direction. Must have the ability to switch roles and procedures easily to facilitate change in line with organizational priorities.
• Consider the mission, objectives, and goals of VCCSE and demonstrate an understanding of the impact of their decisions and behavior on the organization.
• Access to high-speed internet bandwidth and reasonable proximity to VCCSE or a major metropolitan airport.

Compensation and Benefits:

• $100,000-$130,000 annually depending on experience
• Bonus opportunity if bonuses are paid in any given calendar year
• 17 days of PTO per year
• Volunteer PTO
• Medical, dental, vision, short and long-term disability insurance
• 401k savings plan with employer match
• Life insurance
• Flexible work environment and hybrid remote options (prefer a candidate within driving distance of offices in Richmond, Norfolk or Christiansburg, Va.)

Click link to apply or mail or fax resume with cover letter to:

Human Resources

VCC Social Enterprises

7814 Carousel Lane, Suite 100

Richmond, VA 23294

Fax: (804) 939-6180

VCCSE is an Equal Opportunity Employer. VCCSE does not discriminate in hiring or employment practices on the basis of race, color, religion, gender, age, sexual orientation, marital or familial status, national origin, non-job-related disability, or status as a veteran.