VP, Cyber Assurance & Defense

Benefits

Additional Information

If you are ready to join a company that truly cares about its employees, our members, and our community then you have come to the right place! Summary of Role: The Vice President of Cyber Assurance and Defense is responsible for designing, operating, and maturing a comprehensive, risk‑based cyber assurance and defense program for a complex, highly regulated financial institution. This role ensures Broadview Federal Credit Union (BFCU) maintains strong defensive and offensive cyber capabilities, a robust access access governance, and measurable cyber risk reduction aligned with regulatory expectations, business strategy, and member protection. This position is responsible for the second‑line technical cyberassurance and defense function, providing independent oversight, challenge, and assurance over controls, while partnering closely with IT, Engineering, and Business leadership. The VP will mature an evolving program into a repeatable, defensible, regulator‑ready capability suitable for CFPB‑scale supervision or a best-in-class organization. The role requires a deep technical hands on expertise across modern security tooling, cloud and SaaS platforms, offensive security, digital forensics, SIEM/SOC operations, identity governance, and incident response combined with the ability to to translate cyber risk into business and regulatory terms. Essential Job Functions/Responsibilities: Cyber Assurance & Defense Leadership Provide oversight of the Cyber Assurance & Defense function (includes Cyber Defense and Identity Governance), encompassing: Defensive security monitoring and detection Offensive security (penetration testing, red/purple teaming) Digital forensics and investigations Identity and Access governance (IAG) Act as the technical security expert, independently validating initiatives/ project situations, security control design, effectiveness, and sustainability. Program Maturity & Continuous Improvement Design and execute a multi‑year cybersecurity maturity roadmap addressing: Vulnerability and exposure management Security architecture and technical design reviews Security tool rationalization and roadmap planning Early warning detection capabilities using SIEM and UEBA Deception technologies and advanced detection engineering Mature security capabilities from ad‑hoc to defined, repeatable, and measurable, with regulator defensible documentation and evidence. Cyber Defense, Detection & Incident Response (IR) Enhance and oversee the Cybersecurity Incident Response Team (CIRT) program, including: Maintain updated IR plans, playbooks, and runbooks to align with evolving threats Define roles and escalation paths Executive and regulator communication standards Tabletop exercises and live simulations Oversee forensic investigations involving: Endpoint, network, cloud, and SaaS platforms Insider threat activity Credential misuse and account compromise Ensure lessons learned are operationalized into control improvements. Support SVP Information Risk and Security managing incident response Identity & Access Governance (IAG) Architect and lead a centralized enterprise IAG program, including: Encourage Role Based Access Control (RBAC) Least privilege enforcement Segregation of duties (SoD) Privileged Access Management (PAM) Assess, select, and implement user access governance platforms appropriate for financial services scale and risk. Centralize access risk decisions based on application criticality, data sensitivity , and regulatory impact. Risk Identification, Assessment & Reporting Identify emerging cyber threats and systemic risks impacting: Core banking systems Cloud (AWS) and SaaS platforms (Microsoft 365) Digital channels and member facing technologies Translate technical findings into clear risk statements with prioritized remediation recommendations. Develop cyber risk metrics, KRIs, and dashboards to: Inform senior leadership and board committees Optimize investment decisions Demonstrate risk reduction over time Technology, Cloud & Secure Engineering Advisement Review and challenge technology controls across are required: Network and infrastructure Cloud (AWS IaaS/PaaS) SaaS (Salesforce Shield, Microsoft 365 E5) DevSecOps pipelines and CI/CD tooling Ensure security is embedded in (security by design): System acquisitions Projects and initiatives Software development lifecycles Change and release management Provide guidance on secure AI usage, automation, and emerging technologies. People Leadership & Executive Partnership Build, lead, and mentor a team of highly technical cybersecurity practitioners capable of: Threat modeling and attack simulation Detection engineering Forensic analysis Technology and security control validation Serve as a trusted advisor to leadership and peers. Communicate complex security concepts clearly to both technical and non technical stakeholders. Minimum Job Qualifications: 15+ years of progressive, hands‑on technical inf

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at broadviewfcu? Share your experience