Information Security Manager - Hybrid/Corporate Campus (Cleveland, OH) (Finance)

Third Federal is a leading lender of conventional home mortgages lending in 27 states, plus the District of Columbia, with retail branch offices in Ohio and Florida. Our mission is to help people achieve the dream of home ownership and financial security while creating value for our customers, our communities, our associates, and our stockholders. Our value system of love (concern for others), trust, respect, a commitment to excellence, and fun is at the heart of our commitment to our mission, and just as importantly, to our company culture. Through this, we help people find the loan or savings product that makes sense for them.

At Third Federal, you will find strength and stability in your career. In our nearly 90-year history, we have never had layoffs, and have one of the lowest annual turnover rates at 6% (versus an industry average of nearly 19%). We have been certified as a ‘Great Place to Work' multiple times in the last decade alone, and have been recognized with several additional workplace awards and recognitions. Because Third Federal associates are the foundation of our success, we take a genuine interest in each of them – from their professional development to their health and wellness.

Description:

This position is responsible for the management and oversight of Third Federal's IS (Cyber) Security Operations Department.  The Information Security Manager is responsible for overseeing the organization's cybersecurity operations, ensuring the protection of information systems from cyber threats. This role involves developing and implementing security policies, managing incident response, and leading a team of security professionals to safeguard digital assets.

This position is hybrid and requires 3 days on-site per week.

Key Responsibilities:

• Develop and implement cybersecurity strategies aligned with business goals.
• Lead risk assessments and mitigation planning.
• Advise management on security issues and compliance requirements.
• Oversee and maintain a cybersecurity incident response program along with ensuring proper planning and execution.
• Manage in-house and outsourced (MSSP) monitoring program.
• Work with fellow IS/IT Managers to develop IT standards, best practices and securely designed architecture.
• Develop and enforce security policies, standards and procedures.
• Ensure compliance with relevant laws, regulations and frameworks (e.g., NIST, CIS, GLBA, PCI, SOX etc.…)
• Evaluate technology projects for security risk and propose solutions to meet business needs and balance cybersecurity risk.
• Conduct regular audits and security assessments (e.g., Penetration testing) with the assistance of IS Governance and Internal Audit.
• Work with IS Governance to identify and share top and emerging cyber threats with appropriate departments.
• Implement security tools to create a layered security approach that uses multiple security controls to protect the most vulnerable areas of our technological environment.
• Assist as a cybersecurity subject matter expert for the vendor management process and manage vendor relationships along with third-party security services.
• Remain active in industry cybersecurity groups.
• Lead and mentor a team of security analysts.
• Coordinate training and awareness programs for staff.

Required Skills and Qualifications

• Strong and proven understanding of network and system security.
• Excellent leadership, communication, and strong problem-solving skills.
• Familiarity with security frameworks and compliance standards.
• Ability to manage multiple projects and priorities in a fast-paced environment.
• Strong experience collaborating with IT and Business Leaders to promote and drive alignment with security and compliance goals.
• Experience with security technologies and tools (e.g., vulnerability scanners, firewalls, identity management, security information and event management, IDS/IPS)
• Technical understanding of cloud-based architectures and technologies such as virtualized infrastructure, containerization, and infrastructure as code.
• Familiarity with industry compliance standards and regulations such as SOX, GLBA, or PCI-DSS.
• Strong organizational skills, including the ability to prioritize and deliver multiple requests in a timely manner.
• Strong written and verbal communication skills.
• Ability to lead and develop associates.
• Ability to work in a collaborative environment with strong interpersonal skills.

Education and Experience:

• Minimum 8-10 years of experience in an Information Security role (Security Analyst).
• Minimum 5 years of experience managing in the Information Security field.
• Certifications that match this job position such as CISSP, CISM, CEH, Security+ etc.… are a plus.
• Experience working with the following:

• Cloud security tools and concepts
• Firewalls, IPS, WAF, SIEM, and EDR technologies
• DLP Tools and Technology
• Vulnerability scanning and threat analysis tools
• Email Protection and Phishing solutions

Third Federal Perks & Benefits

• Competitive compensation packages
• Medical, dental, vision, and more
• 401k match
• 11 Bank Holidays + vacation/sick time
• Exceptional culture and value system
• Strong work/life balance
• Growth opportunities
• Mortgage Discount Program
• Education Reimbursement Program

 

Third Federal is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, ethnicity, religion, sex, national origin, gender identification or sexual orientation, disability, protected veteran status or any other classification protected under law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

See job description