Information Security Officer

Webster First Federal Credit Union-Worcester, United States

Title: Information Security Officer

Location: Worcester, MA (Onsite, 5x per week)

About Webster First Federal Credit Union

Established in 1928 and driven by a goal to make life more comfortable for our community, Webster First Federal Credit Union has grown to an over one-billion-dollar financial institution, serving over 90,000 members across our banking and lending services. Our mission is to leverage who we are as a credit union to empower our members to live their best financial lives. We focus on members, not profits, and our values of strength, exceptional service, and “New England authenticity” are at the heart of everything we do.

We can’t do it without an exceptional workforce! With approximately 250 employees spread across 15 locations in Massachusetts, Webster First Federal Credit Union is committed to empowering a diverse and inclusive workforce that is representative of the community we serve. Our members come from all walks of life and, not unintentionally, so do our staff. We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes us stronger.

Summary

The Information Security Officer (ISO) is responsible for developing, implementing, and maintaining the Credit Union’s information security program. This role ensures the confidentiality, integrity, and availability of information assets through risk management, policy development, monitoring, and compliance efforts. The ISO serves as the primary point of contact for internal and external audits, cybersecurity matters, and ongoing employee security awareness initiatives.

The ISO collaborates with Senior Leadership, IT, Compliance, and other departments to align the security strategy with the overall business goals while remaining compliant with applicable regulations, including GLBA, NCUA, and FFIEC guidelines.

Essential Duties and Responsibilities

Strategy & Risk Management

  • Develop and maintain security strategy, policies, and controls.
  • Conduct regular risk assessments and drive remediation plans.
  • Monitor threats and implement proactive risk mitigation strategies.
  • Ensure compliance with FFIEC, GDPR, and other applicable regulations.

Security Operations & Incident Response

  • Oversee monitoring, auditing, and incident response.
  • Lead investigations, post-incident reviews, and follow-up actions.
  • Manage vulnerability management, patching, and system hardening.

Training & Awareness

  • Deliver organization-wide security awareness training.
  • Foster a strong security-minded culture across teams.

Collaboration & Governance

  • Act as liaison between IT, Compliance, and business units.
  • Participate in risk and IT governance committees.

Technology & Compliance

  • Oversee SIEM, DLP, and threat detection tools.
  • Lead key security projects and compliance audits.
  • Liaise with third-party vendors and other external parties.
  • Maintain reporting to leadership and the Board on security posture and progress.
  • Promote overall BSA compliance by adhering to all BSA and OFAC regulations specific to the job function and assisting the Credit Union’s BSA department as necessary with any department-specific items.
  • Actively promote the security and privacy of member and employee information through adherence to both information security and physical security policies, procedures, and governing regulations. Training will be completed at least annually for Information Security topics, BSA, and GLBA; annual BSA training will be position specific. Annual training will also include courses on any of the following regulations as they relate to the position described herein: SAFE Act, Regulations B, C, D, E, CC, DD, and Z, as well as any training deemed necessary to promote adherence to applicable regulatory requirements.
  • Perform other duties as directed.

Qualifications/Requirements

  • Proven experience developing and maintaining information security programs.
  • Strong knowledge of GLBA, NCUA guidelines, FFIEC cybersecurity expectations, and other relevant laws and regulations.
  • Strong analytical and problem-solving skills with the ability to assess risk and prioritize accordingly.
  • Excellent communication and interpersonal skills; ability to translate technical concepts for non-technical audiences.
  • Experience with vendor management and third-party risk assessments.

Education/Training Experience

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field required; master’s degree preferred.
  • 5+ years of experience in information security or IT governance, risk, and compliance roles.
  • Experience working in a regulated financial institution.
  • Certifications such as CISSP, CISM, or similar strongly preferred.

Physical Demands & Work Environment

This role primarily takes place in a professional office environment and involves sedentary work, at a desk or teller station, using a computer