Cybersecurity Manager

Summary

We are seeking a Cybersecurity Manager to lead and grow a team responsible for performing end-to-end security and threat analysis across credit union enterprise initiatives. This role ensures that information security best practices, regulatory requirements, and risk management principles are embedded into system and business process designs.

The Cybersecurity Manager provides daily leadership and operational oversight of the Credit Union’s cybersecurity and physical access security programs. Responsibilities include implementing, monitoring, and optimizing security technologies, processes, and third‑party services such as the Security Operations Center (SOC), with a strong focus on protecting member information and critical financial systems. This role is accountable for scaling and maturing the cybersecurity function, including hiring, onboarding, training staff;

managing team operations; and aligning security initiatives with the Credit Union’s strategic objectives and risk appetite. The Manager serves as a technical subject matter expert across key cybersecurity domains—network, application, cloud, and enterprise security controls—and works closely with the CIO, CISO, IT teams, facilities management, risk and compliance functions, and external vendors. Together, they ensure effective security controls, timely incident response, regulatory readiness, and prompt identification and remediation of cybersecurity and physical security risks.

• Managing, deploying, and maintaining security infrastructure
• Oversee daily operation of cybersecurity tools and controls (SIEM, SOC services, EDR, firewalls, IDS/IPS, IAM)
• Conducting vulnerability, penetration testing and identifying follow‑up actions to mitigate failures and address any weaknesses
• Maintaining up‑to‑date knowledge on cyber‑security technologies and standards while automating security controls, data and processes to ensure proper configuration, maintenance, and monitoring
• Validates alerts, investigations, and response actions performed by the SOC
• Serve as the subject matter expert with the ability to educate and explain common threats affecting Network, Cloud, Web and Application environments as well as best practices in the Cyber Security industry, including remediations for OWASP Top 10, CWE/SANS Top 25, CIS controls, and NIST guidelines
• Proven ability to successfully manage projects by establishing clear goals and deliverables, adhering to deadlines, proactively managing risks, and maintaining effective stakeholder engagement and communication

• Act as primary point of contact with SOC providers.
• Investigate, review, and validate alerts, incident tickets, and escalations.
• Ensure SLAs, escalation procedures, and response timelines are met.
• Participate in investigations and coordinate responses with IT teams.

• Execute incident response procedures under CIO/CISO guidance.
• Coordinate containment, eradication, and recovery activities.
• Maintain incident documentation, timelines, and evidence.
• Support post‑incident reviews and corrective actions.
• Support updates and maintenance of business continuity plan/program.
• Participate and lead BCP‑IRP trainings and tabletop exercises.

• Oversee vulnerability scanning and remediation.
• Coordinate patching and mitigation with IT operations.

• Manage physical access control systems (badges, key cards, biometric systems) and coordinate with facilities to ensure alignment between physical and cybersecurity controls for comprehensive protection.
• Oversee visitor management processes and ensure compliance with policies.
• Monitor and review physical access logs for anomalies or unauthorized activity and support investigations involving physical access incidents.

• Translate strategic goals into actionable security roadmaps, initiatives, tasks and provide tactical updates and metrics to CIO.
• Escalate risks with clear, actionable recommendations.

• Manage relationships with security vendors and service…