Information Security Officer

Financial Freedom Happens Here – and it starts with YOU.

At FAIRWINDS Credit Union, we’re more than a workplace; we’re a team on a mission. Join the credit union nationally endorsed by The Dave Ramsey Show, where every day is a step toward financial freedom – for our members and for you. Join a mission‑driven financial organization and help protect what matters most!

• Serve as the board‑appointed Information Security Officer, stewarding FAIRWINDS enterprise Information Security Program.
• Update, maintain, and report on the Information Security Program annually to senior leadership and the Board.
• Ensure the Information Security Program supports regulatory expectations, operational resiliency, member trust, and FAIRWINDS strategic goals.
• Develop, maintain, and strengthen information security policies, standards, procedures, and control expectations.
• Monitor regulatory requirements, industry trends, emerging threats, and financial services security practices.

• Own and continuously improve the information security architecture for the credit union, across network, endpoint, cloud, identity, data, and application layers.
• Lead the strategy, design, evaluation, configuration oversight, and continuous improvement of FAIRWINDS’ defense‑in‑depth security capabilities.
• Provide technical leadership across security infrastructure and platforms, including technologies such as Palo Alto, Splunk, Crowd Strike, Cloudflare, Varonis, Microsoft 365 security tooling, vulnerability management platforms, SIEM and logging, IDS/IPS, email and web security, data protection, and related security solutions.
• Bring hands‑on technical depth, able to personally evaluate configurations, review queries and detection logic, validate vendor claims, and engage at the console level when needed.
• Partner with infrastructure, network, cloud, endpoint, application, and operations teams to ensure security controls are appropriately designed, integrated, monitored, and improved.
• Assess current security tools and capabilities for effectiveness, redundancy, gaps, automation opportunities, and scalability.
• Provide informed technical direction to vendors, managed service providers, and internal teams.
• Translate technical security risks into practical business decisions and executive‑ready recommendations.

• Conduct and refine information security risk assessments, evaluating inherent risk, control effectiveness, and residual risk.
• Evaluate systems, processes, vendors, locations, and technology changes to identify opportunities for enhanced security controls.
• Oversee internal controls related to information security, including preventive, detective, and corrective controls.
• Ensure appropriate security requirements are incorporated into vendor due diligence, selection, implementation, and ongoing monitoring.
• Guide access governance, including system access authorization, review, and auditing processes.
• Collaborate with Internal Audit, Enterprise Risk Management, Compliance, Information Technology, and business leaders on control testing, remediation, and reporting.

• Oversee and validate security monitoring, alerting, configurations, workflows, and escalation processes.
• Lead incident response efforts, including triage, investigation, documentation, case building, loss assessment, communication, root‑cause analysis, and remediation.
• Strengthen cybercrime prevention capabilities and ensure adherence to laws, contracts, policies, and member protection obligations.
• Maintain readiness through tabletop exercises, control testing, scenario planning, and continuous improvement of incident response procedures.
• Advance threat detection, vulnerability management, logging, investigation, and response capabilities.

• Stay ahead of emerging cybersecurity threats, technologies, and practices affecting financial institutions.
• Identify opportunities to improve security through automation, analytics, AI‑enabled capabilities, improved tooling, and more effective…