Jobs · Engineering · New York

VP, Cyber Assurance & Defense

Broadview Federal Credit Union · Albany, NY · 1 mo ago
Engineering$200k–$250k/yrFull-time

Summary of Role

The Vice President of Cyber Assurance and Defense is responsible for designing, operating, and maturing a comprehensive, risk-based cyber assurance and defense program for a complex, highly regulated financial institution.

Cyber Assurance & Defense Leadership

  • Provide oversight of the Cyber Assurance & Defense function (includes Cyber Defense and Identity Governance)
  • Defensive security monitoring and detection
  • Offensive security (penetration testing, red/purple teaming)
  • Digital forensics and investigations
  • Identity and Access governance (IAG)
  • Act as the technical security expert, independently validating initiatives/project situations, security control design, effectiveness, and sustainability

Program Maturity & Continuous Improvement

  • Design and execute a multi-year cybersecurity maturity roadmap addressing:
  • Vulnerability and exposure management
  • Security architecture and technical design reviews
  • Security tool rationalization and roadmap planning
  • Early warning detection capabilities using SIEM and UEBA
  • Deception technologies and advanced detection engineering
  • Mature security capabilities from ad-hoc to defined, repeatable, and measurable, with regulator defensible documentation and evidence

Cyber Defense, Detection & Incident Response (IR)

  • Enhance and oversee the Cybersecurity Incident Response Team (CIRT) program
  • Maintain updated IR plans, playbooks, and runbooks to align with evolving threats
  • Define roles and escalation paths
  • Executive and regulator communication standards
  • Tabletop exercises and live simulations
  • Oversee forensic investigations involving:
  • Endpoint, network, cloud, and SaaS platforms
  • Insider threat activity
  • Credential misuse and account compromise
  • Ensure lessons learned are operationalized into control improvements

Identity & Access Governance (IAG)

  • Architect and lead a centralized enterprise IAG program
  • Encourage Role Based Access Control (RBAC) least privilege enforcement
  • Segregation of duties (SoD)
  • Privileged Access Management (PAM)
  • Assess, select, and implement user access governance platforms appropriate for financial services scale and risk
  • Centralize access risk decisions based on application criticality, data sensitivity, and regulatory impact

Risk Identification, Assessment & Reporting

  • Identify emerging cyber threats and systemic risks impacting:
  • Core banking systems
  • Cloud (AWS) and SaaS platforms (Microsoft 365)
  • Digital channels and member facing technologies
  • Translate technical findings into clear risk statements with prioritized remediation recommendations
  • Develop cyber risk metrics, KRIs, and dashboards to:
  • Inform senior leadership and board committees
  • Optimize investment decisions
  • Demonstrate risk reduction over time

Technology, Cloud & Secure Engineering Advisement

  • Review and challenge technology controls across are required:
  • Network and infrastructure
  • Cloud (AWS IaaS/PaaS)
  • SaaS (Salesforce Shield, Microsoft 365 E5)
  • DevSecOps pipelines and CI/CD tooling
  • Ensure security is embedded in (security by design):
  • System acquisitions
  • Projects and initiatives
  • Software development lifecycles
  • Change and release management
  • Provide guidance on secure AI usage, automation, and emerging technologies

People Leadership & Executive Partnership

  • Build, lead, and mentor a team of highly technical cybersecurity practitioners capable of:
  • Threat modeling and attack simulation
  • Detection engineering
  • Forensic analysis
  • Technology and security control validation
  • Serve as a trusted advisor to leadership and peers
  • Communicate complex security concepts clearly to both technical and non-technical stakeholders

Minimum Job Qualifications

  • 15+ years of progressive, hands-on technical information security experience in financial services or similarly regulated industries
  • Ability to deliver risk-focused recommendations balancing cost and benefit
  • 5+ years at a VP level or equivalent senior leadership role managing enterprise-scale cybersecurity programs
  • 10+ years leading highly technical security teams, including direct involvement in:
  • Forensic investigations
  • Ethical hacking / penetration testing
  • SIEM/SOC operations and threat analysis
  • Incidence response
  • ED/EXR
  • Security tool implementations
  • Experience operating under FFIEC, NCUA, CFPB, NYS DFS Cybersecurity, GLBA, PCI and regulatory scrutiny
  • Technical Expertise (Required)
  • Network, endpoint, and application security
  • Cryptography, key management, and data protection
  • Cloud security (AWS IaaS/PaaS)
  • SaaS security controls

Technical Expertise (Preferred)

  • CISSP
  • CEH
  • AWS Security
  • GICSP
  • OSCP

Starting Compensation

$200,000-$250,000, plus a competitive benefits package.

Similar jobs