Director, Information Security

The Director of Information Security is a collaborative partner that seeks opportunities to learn and engage across the organization. The Director will direct and evolve UFCU’s enterprise information security and cyber risk program while enabling secure innovation and outstanding Member experiences. The Director works closely with senior leaders to outline and execute company goals and is responsible for defining and executing UFCU’s information security strategy, cyber and technology risk posture, and operational resilience.

This role serves as a trusted advisor to executive leadership and the Board, championing a member‑first, security‑by‑design culture that safeguards trust while supporting growth and innovation. This position is based in Austin, Texas and requires frequent on‑site engagement at UFCU Plaza to support executive collaboration, enterprise risk governance, cross‑functional partnership, and operational leadership across the organization.

The Director develops and drives a proactive, collaborative partnership understanding team needs, creating engaging conversations, monitoring partner feedback, and identifying trends and opportunities to advance UFCU’s overall business strategy and vision. The Director, Information Security position is an exempt role and reports to the Chief Technology Officer and leads the Information Security team.

Our Credit Union was founded in 1936 and has grown to serve members throughout Texas and beyond. At UFCU, we are more than just a financial institution, and our people are more than just employees. We are dedicated to our purpose of empowering our Members to achieve financial success and build brighter futures
.

In pursuit of our aspiration that UFCU is
loved by millions of Members and built to thrive for generations
, we are guided by our values:

We are driven by a profound sense of empathy to deeply understand our Members’ needs and preferences, what brighter futures means to them, and the obstacles in their way. We act in our Members’ best interests, forever seeking to empower their financial success.

We are inspired to courageously experiment, learn, and iterate in pursuit of positive impact for our Members, UFCU, and coworkers. We challenge assumptions, embrace diverse perspectives, and make use of data and insights.

We do the right thing, always. We champion teamwork, accountability, continuous improvement, and celebrate successful outcomes of others, fostering an inclusive environment of excellence and collaboration.

• Define and own UFCU’s enterprise information security and cyber risk strategy, roadmap, and policies in alignment with business objectives, risk appetite, budgets, and regulatory expectations
• Lead the design, implementation, and operation of a comprehensive cybersecurity program covering governance, architecture, infrastructure, networking, cloud security, application security, IAM, vulnerability management, and security operations
• Embed security‑by‑design practices into digital banking, payments, and member‑facing platforms by partnering with Technology, Product, and Enterprise Risk teams

• Establish and maintain an effective information security governance framework, including standards, policies, and leadership forums that align cybersecurity priorities with enterprise goals
• Ensure compliance with applicable regulatory and industry frameworks, including NCUA guidance, GLBA Safeguards Rule, NIST, ISO, and PCI (as applicable)
• Lead internal and external examinations, audits, and assessments; oversee remediation plans and ensure sustainable closure of findings, oversee identification, assessment, and treatment of cyber and technology risks
• Partner with Technology, Risk, and business leaders to support business continuity, disaster recovery readiness, cyber resiliency, and enterprise operational resilience initiatives
• Present cybersecurity risks, trends, incident readiness, and strategic recommendations to executive leadership, risk…