Our Virtual CISO service or “CISO as a Service” will establish, maintain and monitor a comprehensive information security program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by your organization and:
• Drive information security projects and enhancements to adapt to existing, changing and emerging information security threats.
• Conduct penetration testing and risk assessments, and drive mitigation of the threats and risks identified.
• Perform information security risk assessments and coordinate the performance of third party internal and external network and systems vulnerability assessments.
• Provide information security assessments of third-party vendors and service providers as part of the credit union's vendor management program.
• Develop, maintain, and manage the incident response plan; lead incident responses and investigations of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary, in coordination with the Risk Management department.
• Create and manage information security awareness training programs for employees, contractors, and approved system users.
• Facilitate audits and examinations by regulatory agencies and create risk mitigation plans for audit findings and track the plans to completion.
• Lead strategic security planning with IT management, risk management and users across the organization.
• Work directly with business units to facilitate IT risk analysis and risk management processes; identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
• Maintain awareness of changing and emerging information security and cybersecurity threats, and provide subject matter expertise to executive management on a broad range of information security topics and standards.
• Provide guidance and input to technical reviews of proposed projects, services and vendors.
• Work with Audit and Compliance pertaining to Data Privacy to ensure security programs are in compliance with applicable laws, regulations and policies, to minimize or eliminate risk and mitigate and resolve audit findings.
• Coordinate use of external resources involved in the information security program, including information security service providers, physical security service providers, and consultants.
• Oversee the management and monitoring of layered security controls such as firewalls, servers, and other IT devices.
• Provide support and governance for enterprise security projects.
• Provide support and security-related information, as needed, to business unit stakeholders.