Director, Information Security

San Francisco Federal Credit Union, San Francisco, CA

Overview

  • Schedule: Full-time
  • Career level: Executive
  • Remote: Hybrid remote
  • Benefits: Career Development

Job Description

About Us

San Francisco Federal Credit Union is a member-driven financial institution committed to delivering exceptional service, strengthening our community, and creating a people-first culture. We invest in our people and empower leaders to drive meaningful impact for our members, teams, and communities.

Role Overview

The Director of Information Security is responsible for leading and overseeing the Credit Union's information security, cybersecurity, and technology risk management programs. This role is accountable for protecting organizational systems, networks, applications, and data while ensuring compliance with regulatory requirements and industry best practices.

Reporting directly to the Chief Technology Officer (CTO), with a dotted-line reporting relationship to the Chief Risk Officer (CRO), the Director of Information Security partners closely with Information Technology, Risk, Compliance, Internal Audit, and business leaders to strengthen the organization's cybersecurity posture, manage technology-related risk, and support operational resilience.

The Director will lead information security operations, governance, incident response, vulnerability management, business continuity coordination, security awareness, and third-party technology risk oversight while helping enable secure digital transformation and member trust.

Key Responsibilities

Information Security Strategy & Governance

  • Develop, implement, and maintain the Credit Union's enterprise information security program and cybersecurity roadmap.
  • Establish security policies, standards, procedures, and controls aligned with organizational objectives and regulatory expectations.
  • Partner with executive leadership to identify and manage information security and technology-related risks.
  • Provide regular reporting and updates on security posture, incidents, vulnerabilities, and remediation efforts.
  • Promote a culture of security awareness and accountability across the organization.

Cybersecurity Operations

  • Oversee cybersecurity monitoring, threat detection, incident response, and remediation activities.
  • Lead vulnerability management, penetration testing coordination, patch management oversight, and security assessments.
  • Manage endpoint security, identity and access management, email security, network security, and cloud security controls.
  • Coordinate response efforts for cybersecurity incidents, including investigation, containment, recovery, and post-incident analysis.
  • Maintain and test incident response procedures and escalation protocols.
  • Oversee BYOD policy enforcement, mobile device security, and personal device risk controls.
  • Monitor threat intelligence sources and dark web indicators relevant to member data and organizational risk.
  • Collaborate with fraud and operations teams on account takeover, ACH fraud, and identity-related threats at the security/fraud intersection.

Risk Management & Compliance

  • Partner closely with the Chief Risk Officer on enterprise risk management initiatives related to information security and technology risk.
  • Ensure compliance with NCUA, FFIEC, GLBA, PCI-DSS, and other applicable regulatory and cybersecurity requirements.
  • Ensure compliance with NCUA 12 CFR Part 748 cybersecurity incident notification requirements.
  • Support internal and external audits, examinations, and regulatory reviews.
  • Oversee third-party technology risk assessments and vendor cybersecurity reviews.
  • Participate in business continuity and disaster recovery planning, testing, and resilience efforts.

Security Awareness & Training

  • Develop and administer enterprise-wide information security awareness and training programs.
  • Conduct phishing simulations, employee education campaigns, and ongoing awareness initiatives.
  • Provide guidance to leaders and employees regarding cybersecurity best practices and emerging threats.

Technology Partnership & Project Support

  • Collaborate with IT and business teams to ensure security requirements are integrated into technology projects and system implementations.
  • Provide security guidance for digital banking platforms, cloud solutions, third-party integrations, and new technologies.
  • Evaluate and design security architecture across on-premise, cloud, and hybrid environments, and recommend improvements to strengthen the overall security posture.
  • Support AI governance and emerging technology risk assessments, including participation in enterprise AI evaluation and policy development.

Qualifications

Education & Experience

  • Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, or related field required; advanced degree preferred.
  • Minimum of 7 years of progressive information security or cybersecurity experience, preferably within financial services or a regulated industry.
  • Minimum of 3 years of leadership or management experience.
  • Experience with cybersecurity operations, regulatory compliance, risk management, and incident response.
  • Credit union or banking industry experience strongly preferred.

Knowledge, Skills & Abilities

  • Strong understanding of cybersecurity frameworks, governance, and risk management principles.
  • Knowledge of financial institution regulatory requirements including FFIEC, NCUA, GLBA, PCI-DSS, and vendor management expectations.
  • Experience designing and evaluating security architecture across on-premise, cloud, and hybrid environments.
  • Experience with SIEM tools, endpoint protection, vulnerability management, identity and access management, and cloud security.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication and executive presentation abilities.
  • Ability to balance operational responsiveness with strategic planning.
  • Strong collaboration and relationship-building capabilities.

Preferred Qualifications

  • Industry certifications such as CISSP, CISM, CRISC, CEH, or similar.
  • Experience supporting digital banking platforms and financial services technologies.
  • Experience with cybersecurity audits, examinations, and remediation programs.
  • Familiarity with business continuity and disaster recovery frameworks.

Leadership & Core Competencies

  • Strategic thinking & execution
  • Accountability & ownership
  • Stakeholder influence
  • Change leadership
  • Continuous improvement
  • Member / customer-centric mindset

Decision-Making Authority

This role exercises independent judgment in areas such as prioritization, resource allocation, policy/process recommendations, and execution of initiatives aligned with organizational objectives.

Work Environment

  • Hybrid work arrangement; in-office schedule to be confirmed.
  • Regular collaboration with leaders and cross-functional partners.
  • Occasional travel may be required.

Equal Opportunity Statement

San Francisco Federal Credit Union is an equal opportunity employer and is committed to fostering an inclusive environment. We do not discriminate based on race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic.

FAQs About Director, Information Security Jobs at San Francisco Federal Credit Union

What is the work location for this position at San Francisco Federal Credit Union?
This job at San Francisco Federal Credit Union is located in San Francisco, CA, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.

What pay range can candidates expect for this role at San Francisco Federal Credit Union?
The employer has not shared pay details for this role.

What employment type applies to this position at San Francisco Federal Credit Union?
San Francisco Federal Credit Union lists this role as a Full-time position.

What experience level is required for this role at San Francisco Federal Credit Union?
San Francisco Federal Credit Union is looking for a candidate with "Executive" experience level.

What benefits are offered by San Francisco Federal Credit Union for this role?
San Francisco Federal Credit Union offers Career Development for this position. Actual benefits may vary depending on the employer's policies and employment terms.