SVP, Operational Security & Resilience
Insight Global
Job Description
An employer is seeking a VP, OPSEC for a direct hire opportunity in Beavercreek, OH. The Senior Vice President, Operational Security & Recovery (SVP, OPSEC) provides strategic leadership for the credit union’s operational security program. This role is a member of the senior leadership team and is responsible for designing, implementing, and overseeing all aspects of the credit union’s operational security program, including framework and strategies designed to effectively manage operational security incidents, ensure operational resiliency, and safeguard the credit union’s assets, reputation, and member trust.
Reporting to the Chief Risk Officer (CRO), this role oversees the credit union’s information security, disaster recovery, business continuity, incident response, and corporate insurance programs to ensure the organization is prepared to protect member data, respond to disruptive events, and minimize impact to members and partners. This position fosters a culture of risk awareness, member and partner service, and organizational excellence.
- Serve as the organization’s Information Security Officer (ISO) and the executive owner of the credit union’s Information Security, Business Continuity, Incident Response, Operational Recovery, and Corporate Insurance functions.
- Develop and maintain an operational security strategy that is commensurate with the size, complexity, and risk tolerance levels of the organization and effectively prepares the credit union to respond to, recover from, and mitigate the impact of operational security events including, but not limited to, weather events, natural disasters, data incidents, utility outages, technology outages, vendor outages, and other disruptive events.
- Provide strategic leadership and oversight of processes to embed resiliency planning into strategic initiatives, product development, and technology deployment.
- Partner with Corporate Communications to develop and maintain an incident communication strategy and effective coordination of incident response activities related to operational security events.
- Provide strategic leadership and oversight of the credit union’s Business Continuity Plan (BCP) and incident response plans, including department-level continuity plans to ensure operational resiliency across the organization.
- Provide strategic leadership and oversight of the credit union’s Business Continuity (BCP) testing strategy and execution, including tabletop exercises, ransomware exercises, simulations, and third-party vendor testing to identify potential weaknesses and improve resiliency.
- Provide strategic leadership and oversight of the Information Security program to ensure the program meets regulatory expectations, is commensurate with the credit union’s cybersecurity risk profile, and serves as an effective and independent second line of defense function through policies, data classification, controls testing, oversight, and partner training.
- Provide strategic leadership and oversight of the credit union’s Disaster Recovery (DR) program to ensure the program meets regulatory expectations, is commensurate with the credit union’s risk profile and technical architecture, and effectively prepares the organization to respond to hardware failure, malicious attacks, ransomware, or other potential threats.
- Develop and maintain a corporate insurance strategy to protect the credit union’s assets, operations, members, and board members, including oversight of all insurance policies (property, liability, cyber, and specialized policies), to ensure alignment with risk appetite and enterprise risk management objectives and to provide adequate protection against evolving risk.
- Provide strategic leadership and oversight of the evaluation, negotiation, and renewal of corporate insurance policies, monitor market trends and emerging risk for impact to coverage, and ensure insurance and transfer of risk is integrated into incident response processes, business impact analyses, and business continuity planning.
- Establish and maintain Key Performance Indicators (KPIs) to measure and monitor program performance. Ensure risks are managed within approved appetite for operational, reputational, and information security risk, based on established Key Risk Indicators (KRIs).
- Provide strong leadership and strategic direction to Business Continuity, Information Security, and other Risk Management leaders, and provide subject matter expertise to members of senior leadership, executive leadership, and the board of directors’ risk committees.
- Foster a culture of risk awareness, organizational excellence, and member service through partner training, communication, and collaboration with leaders throughout the organization, ensuring risk assessment participants, business impact analysis participants, and business continuity plan owners are aware of their role as risk partners and are supported by the Operational Security and Recovery team.
- Provide monthly and quarterly risk reports to specialized risk teams, executive management teams, and board-level risk committees. Develop and provide Annual Report and Program Plan to executive management and board-level risk committees.
- Serve as a member of the Operational Risk Team and/or Information Security Risk Team (ORT and/or ISRT) and other committees/working groups as assigned.
- Ensure Operational Security and Recovery processes and results are well documented, maintained as current, and available for audit or examination. Participate in monthly audits and annual regulatory examinations and interact with internal auditors, external auditors, and state and federal regulators.
- Contribute as a member of the senior leadership team, attend leadership meetings, participate in annual strategic planning, budgeting and prioritization processes, and provide periodic updates to the Board, its sub-committees, and other senior executives.
- Manage vendor relationships.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
- Expert in Operational Security and Resiliency – knowledge in data security, technology infrastructure, corporate insurance, and risk management
- 10+ years’ experience in a senior management position, with prior direct experience leading risk management, operational security or related programs
- Demonstrated understanding of operational risk, information security risk, and reputation risk.
- Strong background in Cyber Security
- Demonstrated understanding of laws and regulations that govern financial institutions and data security, including consumer privacy laws.
- Professional certification in business continuity, disaster recovery, or similar discipline. Certification in risk management or information security is also preferred.
- Financial services industry experience preferred (also open to healthcare industry)
- Bachelor’s degree in business, risk management, information systems, or other relevant discipline required. A master’s degree is preferred.