Summary

We are seeking a Cybersecurity Manager to lead and grow a team responsible for performing end-to-end security and threat analysis across credit union enterprise initiatives. This role ensures that information security best practices, regulatory requirements, and risk management principles are embedded into system and business process designs.

The Cybersecurity Manager provides daily leadership and operational oversight of the Credit Union’s cybersecurity and physical access security programs. Responsibilities include implementing, monitoring, and optimizing security technologies, processes, and third-party services such as the Security Operations Center (SOC), with a strong focus on protecting member information and critical financial systems.

This role is accountable for scaling and maturing the cybersecurity function, including hiring, onboarding, and training staff; managing team operations; and aligning security initiatives with the Credit Union’s strategic objectives and risk appetite. The Manager serves as a technical subject matter expert across key cybersecurity domains—including network, application, cloud, and enterprise security controls—and works closely with the CIO, CISO, IT teams, facilities management, risk and compliance functions, and external vendors. Together, they ensure effective security controls, timely incident response, regulatory readiness, and prompt identification and remediation of cybersecurity and physical security risks.

Essential Functions

Cybersecurity Operations & Controls

1. Managing, deploying, and maintaining security infrastructure
2. Oversee daily operation of cybersecurity tools and controls (SIEM, SOC services, EDR, firewalls, IDS/IPS, IAM)
3. Conducting vulnerability, penetration testing and identifying follow-up actions to mitigate failures and address any weaknesses
4. Maintaining up-to-date knowledge on cyber-security technologies and standards while automating security controls, data and processes to ensure proper configuration, maintenance, and monitoring
5. Validates alerts, investigations, and response actions performed by the SOC
6. Serve as the subject matter expert with the ability to educate and explain common threats affecting Network, Cloud, Web and Application environments as well as best practices in the Cyber Security industry, including remediations for OWASP Top 10, CWE/SANS Top 25, CIS controls, and NIST guidelines
7. Proven ability to successfully manage projects by establishing clear goals and deliverables, adhering to deadlines, proactively managing risks, and maintaining effective stakeholder engagement and communication

SOC Oversight

1. Act as primary point of contact with SOC providers.
2. Investigate, review, and validate alerts, incident tickets, and escalations.
3. Ensure SLAs, escalation procedures, and response timelines are met.
4. Participate in investigations and coordinate responses with IT teams.

Business Continuity & Incident Response

1. Execute incident response procedures under CIO/CISO guidance.
2. Coordinate containment, eradication, and recovery activities.
3. Maintain incident documentation, timelines, and evidence.
4. Support post-incident reviews and corrective actions.
5. Support updates and maintenance of business continuity plan/program
6. Participate and lead BCP-IRP trainings and tabletop exercises

Vulnerability & Remediation Management

1. Oversee vulnerability scanning and remediation.
2. Coordinate patching and mitigation with IT operations.

Physical Access Security

1. Manage physical access control systems (badges, key cards, biometric systems) and coordinate with facilities to ensure alignment between physical and cybersecurity controls for comprehensive protection.
2. Oversee visitor management processes and ensure compliance with policies.
3. Monitor and review physical access logs for anomalies or unauthorized activity and Support investigations involving physical access incidents.

Leadership Collaboration

1. Translate strategic goals into actionable security roadmaps, initiatives, tasks and provide tactical updates and metrics to CIO.
2. Escalate risks with clear, actionable recommendations.

Third-Party Security & Tool Management

1. Manage relationships with security vendors and service providers.
2. Review SOC reports, vulnerability scans, and dashboards.
3. Assist with tool evaluations, onboarding, and integration.

Security Procedures & Documentation

1. Maintain operational procedures, runbooks, and playbooks.
2. Ensure alignment between documented procedures and practices.
3. Support audits and regulatory exams with evidence of control operation.

Required Skills and Abilities

1. Exceptional leadership, communication, and problem-solving skills required.
2. Excellent strategic and critical thinking skills.
3. Excellent verbal, written and interpersonal communication skills required.
4. Ability to provide leadership and direction in cybersecurity functions, including guiding security efforts, coordinating activities, and supporting decision-making across teams.
5. Ability to interpret, implement, and evaluate security control frameworks, such as the Cloud Security Matrix, NIST Cybersecurity Framework (CSF), and CIS Controls.
6. Ability to understand and work effectively with cloud technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
7. Ability to perform threat analysis and build threat models using industry-recognized methodologies such as MITRE ATT&CK.
8. Ability to interpret and apply data security and privacy regulations, including but not limited to PCI DSS, SOX, GDPR, and CCPA.
9. Ability to support and execute cybersecurity engineering, security operations, and incident response activities, ensuring effective and timely resolution of security events.
10. Ability to balance security policies, procedures, and best practices with operational needs to maintain a secure and efficient environment.
11. Ability to identify, recommend, and implement process improvements to enhance the maturity, efficiency, and effectiveness of cybersecurity operations and services.
12. Must work well under pressure, meeting multiple and sometimes conflicting deadlines.

Education and Experience

1. Seven or more years of cybersecurity experience, including a minimum of three years leading or managing a cybersecurity team or program.
2. Bachelor’s degree preferred, however relevant experience may substitute with Active security certification (e.g., CISSP, CISM, CISA, Security+, or equivalent)
3. Understanding of Zero Trust Architecture, endpoint security, and SIEM tools.
4. Familiarity with security controls such as Cloud Security Matrix, NIST CSF, CIS.
5. Knowledge of common Cloud Services offered (IaaS, PaaS, SaaS)
6. Experience performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK.
7. Understanding of various data/privacy regulations (e.g. PCI DSS, SOX, GDPR, CCPA)
8. Complete understanding of Cybersecurity Engineering/Operations and Incident Response modalities, requirements, and functions.
9. Experience with process improvement and maturing/transforming operations or services

Physical Requirements and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential function of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

1. Prolonged periods of sitting at a desk and working on a computer – 7 to 8 hours per day.
2. Light lifting, carrying, pushing and/or pulling objects up to 25 lbs.
3. Intermittent walking, bending, twisting and stooping.
4. General office environment: works generally at a desk in a well-lighted, air-conditioned cubicle/office, with moderate noise levels.  
5. Occasional exposure to raised floors, server noise, and limited hot/cold zones.

Work Location 

This position is based on-site at our Corporate Headquarters in Yuba City, CA. Hybrid work may be available depending on experience and only after successful completion of a 30-day probationary period. 

Compensation Range

The company anticipates offering  an annual salary range between $130,000 to $151,000 for this position at the time of hire. This range includes base salary (or hourly wages) and does not include possible overtime for non-exempt employees or any applicable performance-based incentives or commissions.

Annual Merit Increase

Employees are eligible for a discretionary yearly merit-based salary adjustment, based on individual performance and company results.

Comprehensive Benefits Package

We provide a robust benefits package designed to support your health, financial security, and work-life balance including:

• Medical, Dental & Vision Insurance options
• Voluntary Lines including hospital indemnity, accident, and critical illness policies
• Company Paid HRA (with enrollment in certain health plans)
• Company Paid Basic Term Life Insurance
  • Coverage at 2× annual base salary, up to a maximum of $500,000 for full-time employees
  • $25,000 for part-time employees
• Company Paid Long-Term Disability Insurance for Full-Time Employees
• Company Paid Telehealth Services Membership (Teladoc)
• Company Paid Employee Assistance Program (EAP)
• 401(k) Retirement Plan
  • Employer-funded safe harbor contribution of 3% of employee's eligible earnings
  • Discretionary employer match on employee contributions 
• Flexible Spending Accounts
  • HSA
  • Medical FSA
  • Dependent Care FSA
  • Limited Purpose FSA
• Paid Time Off
  • Vacation accruals based on status and tenure within company
  • 12 sick days accrued annually for full-time employees
  • 1 hour for every 30 hours worked for part-time employees
  • 11 paid holidays (eligible after 90 days of employment)
• Travel Expense Reimbursement
  • All necessary and work-related travel expenses will be reimbursed in accordance with company policy

The preceding list of duties does not include all tasks and responsibilities that may be required with this position. Additional tasks may be assigned, as departmental and operational needs require.