Information Security Officer

This position will be primarily in-office and located in Warner Robins, GA.

What You’ll Do:

  • Information Security Program & Governance
    • Develop, implement, and maintain the Credit Union’s Information Security Program in alignment with NCUA Part 748, GLBA, FFIEC, and industry frameworks (NIST, ISO 27001).
    • Establish and maintain a risk-based control framework aligned with the organization’s size, complexity, and risk appetite.
    • Develop and maintain information security policies, standards, and procedures, ensuring they remain current and effectively implemented across the organization.
    • Serve as the primary point of contact for regulatory examinations, independent audits, and internal reviews, ensuring appropriate remediation of findings.
  • Risk Management & Oversight
    • Lead enterprise information security risk assessments, evaluating threats, vulnerabilities,
    • Provide independent oversight and challenge of control design and effectiveness across business units and IT environments.
    • Identify control gaps and drive risk-based mitigation strategies in partnership with business and technology teams.
    • Ensure security considerations are incorporated into new systems, products, services, and operational changes.
    • Escalate material risks and control deficiencies to executive leadership and the ERM Committee.
  • Vendor & Third-Party Risk
    • Oversee the information security component of the Vendor Risk Management Program, including due diligence, ongoing monitoring, and risk evaluation.
    • Ensure third-party relationships meet regulatory and internal security expectations.
  • Monitoring, Reporting & Incident Response
    • Establish and monitor KRIs and KPIs to evaluate the effectiveness of the information security program.
    • Provide regular reporting to executive leadership and the ERM Committee on risk posture, control effectiveness, incidents, and remediation status.
    • Oversee the Incident Response Program, including preparation, testing, escalation, and regulatory notification requirements.
    • Maintain awareness of emerging threats and adjust the organization’s risk posture accordingly.
  • Culture, Training & Cross-Functional Leadership
    • Promote a risk-aware culture through security awareness initiatives and training.
    • Serve as a trusted advisor across the organization, partnering with IT, Risk, Compliance, Audit, and business leaders.

What You Need to Succeed:

  • Education & Experience Required:
    • Bachelor’s degree in Information Security, Information Technology, Computer Science, Risk Management, Business Administration, or a related field
    • Minimum of 5–7 years of progressive experience in information security, IT risk, cybersecurity, or a related field
    • Experience within a regulated financial institution preferred
    • Demonstrated experience supporting or leading regulatory examinations, audits, or compliance activities
    • Master’s degree preferred, but not required
  • Certifications (Preferred)
    • One or more of the following:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Manager (CISM)
      • Certified in Risk and Information Systems Control (CRISC)
      • Or equivalent industry-recognized certification
  • Knowledge & Skills Required:
    • Strong understanding of:
      • FFIEC IT Examination Handbook
      • GLBA Safeguards Rule
      • NCUA regulations, including Part 748
      • NIST Cybersecurity Framework (CSF)
      • ISO 27001 or similar security frameworks
    • Ability to:
      • Translate technical and regulatory requirements into practical, business-aligned controls
      • Assess and communicate risk in clear, business terms
      • Evaluate control effectiveness and identify gaps
      • Provide independent, objective oversight and challenge
      • Influence decision-making without direct authority
      • Communicate effectively with both technical and non-technical stakeholders
      • Present information clearly to leadership and governance committees
  • Physical Demands:
    • The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
    • Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
    • While performing the duties of this job, employee is regularly required to sit, stand, and walk; use hands and fingers to handle or feel; reach with hands and arms; talk and hear.
    • Must be able to lift and carry up to 20 pounds.
    • Vision requirements include close and classroom vision.
    • Occasionally required to travel by automobile.
    • Occasionally required to work other than normal business hours