HRTMS Job Description Management 
| VP Cybersecurity Engineering and Operations Job Description | | |
. JOB INFORMATION | Title: | VP Cybersecurity Engineering and Operations | Officer Title: | Vice President | Grade: | 36 | FLSA Classification: | Exempt | Date Last Edited: | 3/26/2026 | Reports To: | Sr Vice President Technology Services | Department: | IT | URL Link | https://hvfcu.jdxpert.com/ShowJob.aspx?EntityID=2&jobcode=1249 | | | | PRIMARY FUNCTION | | | | The VP Cybersecurity Engineering and Operations is a high-level role that bridges the gap between deep technical defense (Engineering) and real-time response (Operations). Responsible for implementing the strategic vision and execution of our technical security defenses. Oversee a dual function organization: security engineering, which builds and integrates security into our infrastructure, and security operations (SecOps), which monitors, detects, and responds to active threats. Serve as a "player-coach" who can discuss high-level risk with senior leaders in IT and business while deep-diving into architecture reviews, tools, and methodologies with engineers and operations. | | | | | | |
ESSENTIAL JOB DUTIES AND RESPONSIBILITIES | | • | Lead the design and implementation of automated security controls across Cloud (Azure) and On-Prem environments. Partner with DevOps and Product teams to integrate security into the CI/CD pipeline (SAST, DAST, and container security). | • | Own the security stack (SIEM, EDR, IAM, etc.), ensuring tools are not just purchased, but deeply integrated and optimized. Own and accountable for Vulnerability and Patch Mgmt. program, metrics and reporting | • | Manage the 24/7 Security Operations Center (SOC) to ensure high-fidelity alerting and rapid triage. Serve as the executive lead during major security incidents, managing technical resolution and communication to stakeholders. Lead monthly tabletop or testing exercises. Provide Executive level reporting and metrics. | • | Develop a 1–2-year technical security roadmap that aligns with business growth and the evolving threat landscape. Partner with Security Architecture, Risk, and Training teams to mature cyber security | • | Create and implement standards and procedures support Security functions in alignment with our Security policies. | • | Manage security tool budget, balancing headcount, vendor costs, and capital expenditures | • | Build, recruit, and retain a world-class team of security engineers and operations | • | Own the various 3rd party vendors we use to provide services such as SOC, Pentest, Phishing/Vishing, and Vulnerability & Patch. | • | Oversee the maintenance and enforcement of SDLC and ITSM processes, change management procedures, departmental standards, style requirements and all other procedures necessary for data and system integrity. |
• | Adhere to all Credit Union policies, procedures, and regulatory agency requirements. Participate in all required and recommended training and development including, but not limited to, Bank Secrecy Act training (BSA) and demonstrate attained knowledge. Participate on Credit Union teams, projects and strategic initiatives when the opportunity arises. Perform additional duties and special projects as assigned. | • | Embrace and apply HVCU’s guiding principles to all activities and responsibilities. This includes the Credit Union’s Mission, Vision, Core Values, Employee and Member Value Propositions, Sales and Service Model, and commitment to Lean Six Sigma practices. Support the Credit Union’s initiatives by demonstrating teamwork and professionalism. | • | Responsible for regular and predictable attendance including punctuality. |
EDUCATIONAL REQUIREMENTS | Education Level | Education Details | Pref | Req | Bachelor’s Degree | Computer science, information technology, or a related field | | X |
LICENSES AND CERTIFICATIONS | Licenses/Certification Details | Pref | Req | ITIL v3 or v4 foundation (or within 1 year of joining) | | X | Certified Information Technology Manager (CITM) or comparable (within 1 year of joining) | X | | Certified Information System Security Professional (CISSP) or GIAC Security Operations Manager (GSOM) or CIAC Security Leadership (GSLC) | X | |
WORK EXPERIENCE | Experience | Experience Details | Pref | Req | Minimum 15 Years | Progressive IT experience | | X | Minimum 10 Years | Managing Security teams support a 24/7/365 environment | | X | Minimum 8 Years | Managing 3rd party technology providers or Consultants | | X | Minimum 5 Years | Project Mgmt. Experience (perf in Agile methodologies) | | X | Minimum 1 Year | Budget Mgmt. | | X | | Experience in ITIL Practices (Vuln & Patch, Change, Asset, Incident, Service Request) | | | | Experience in common enterprise tools (SIEM – Sentinel/Crowdstrike, SOAR, XDR, EDR - Defender, NDR/NTA, Email Security, Firewalls – Palo Alto, IAM – CyberArk | Sailpoint | Entra ID) | | | | Experience in common security testing practices (Phishing test, PenTest, Tabletop exercises - - Experience in common security testing practices (Phishing test, PenTest, Tabletop exercises) - | | |
KNOWLEDGE, SKILLS, AND ABILITIES | | • | Strong knowledge in NIST or SOC2 or ISO 27001 | • | Knowledge in Automation (Python, Go, Bash) and Infrastructure as Code (Terraform) | • | Ability to multi-task and handle varying deadlines within a fast-paced work environment. | • | Ability to think and act strategically and proactively. | • | Must have advanced analytical, communication and interpersonal skills. | • | Ability to think and plan strategically. |
| | PHYSICAL DEMANDS | Frequency | Physical Demand | Weight (lbs.) | Frequently | Sit for prolonged periods of time | | Frequently | Required to communicate verbally | | Frequently | Normal range of vision and hearing abilities required | | Rarely | Lift and/or move objects | 25 | Occasionally | Travel outside of work location to attend meetings and training programs | | Occasionally | Travel outside of work location to meet with prospective applicants and members | | Occasionally | Travel outside of work location to provide applicable technical/physical support | | Occasionally | Travel outside of work location to cover in other locations and to attend meetings and training programs | | Frequently | Required to skillfully operate a computer, telephone and other standard office equipment | | Occasionally | Manual and finger dexterity required | | Frequently | Work extended hours, including evenings, weekends, and holidays as needed | | Frequently | Be on call and work extended hours as requested | | Frequently | Able to respond to after-hours calls for maintenance/technical issues | | Frequently | Accommodate a flexible schedule to meet branch needs including evenings and weekends as well as providing coverage to other branch locations. | | Frequently | Accommodate a flexible schedule to meet business needs including evenings and weekends. | | Frequently | Works rotating shifts as needed and has flexibility to work additional hours including nights, weekends and holidays as required. | | | | | |
| WORK ENVIRONMENT | | • | Typically the noise level in the work environment is low to moderate. | • | May experience occasional job stress in dealing with difficult situations and/or high volume. | • | High energy, high impact atmosphere. | • | Standard office equipment including, but not limited to, a computer, telephone, copy/fax machines, etc. | • | There are no significant hazardous conditions. |
| Title: | VP Cybersecurity Engineering and Operations | | View Competencies | | | | |
COMPETENCIES | Name | Description | Prof | Behavior Statements | Leadership | Leads people towards meeting the organization’s vision, mission, and goals. Provides an inclusive workplace that fosters diversity, development, teamwork and continuous improvement. | Level 3 | 1. Builds and manages workforce based on organizational goals and budgetary considerations. Drives ongoing workforce planning and succession to support future vision. 2. Develops networks and builds alliances; collaborates across boundaries to build strategic relationships and achieve common goals. 3. Looks towards the broadest possible view of an issue or challenge. Discusses multiple aspects and impacts of issues and projects them into the future. 4. Nurtures growth and development; promotes organizational learning within and across business units by providing challenging and stretching tasks and sharing key experiences. 5. Projects competence and composure. Communicates with credibility. Demonstrates situational- and self-awareness. | Results Driven | Drives critical activities to completion. Meets organizational goals and customer expectations. | Level 3 | 1. Conducts ongoing organizational unit performance and risk analysis, recognizing strategic opportunities for success as well as potential risks. Adjusts strategies to address opportunities as well as potential risks to ensure attainment of business unit targets. 2. Evaluates organizational benefits and impacts of regulations. Creates standards and business processes to ensure regulatory compliance. 3. Leads organizational units to drive critical activities to completion. Demonstrates how units contribute to organizational results. 4. Sets operational productivity measures in terms consistent with business strategy. Defines responsibilities and processes for monitoring, communicating progress, and measuring results. | Resiliency | Adapts positively to changing environments in order to achieve business results. | Level 3 | 1. Encourages new ideas and innovations; designs and implements new or cutting edge programs/processes. 2. Establishes programs that result in continuous improvement through innovation and lean thinking. 3. Guides others to understand and accept change more readily. Directs team through ambiguity to ensure ongoing success. 4. Leads a continuous cycle of innovation that incorporates feedback and lean thinking to improve future initiatives. 5. Remains in touch with the evolving needs and demands of the market and looks for trends and new ideas that might affect the organization. | Service Excellence | Consistently incorporates Hudson Valley's member and employee value proposition, reinforcing organizational culture and brand differentiators. | Level 4 | 1. Champions culture, establishes clear organizational values, vision and strategy. 2. Creates the organization's business model and competitive position in the marketplace. Effectively communicates model to drive understanding and action throughout the organization. 3. Delivers upon the member value proposition by providing a product line that meets and exceeds expectations. 4. Enhances brand awareness by keeping messages focused and consistent with the business strategy. Leads through principled and consistent communications even when addressing difficult subjects. | Strategic Visioning | Takes a long-term view and builds a shared vision within the organization; acts as a catalyst for organizational change. Influences others to translate vision into action. | Level 3 | 1. Facilitates cross-boundary communication to surface and resolve issues proactively. 2. Leads the organization to develop and translate strategy into operational goals and priorities. 3. Modifies the organizational structure to address strategic leadership and talent needs. 4. Sees beyond short term commitments to a long-term competitive, sustainable position. 5. Stays in touch with the evolving needs and demands of the market and looks for trends and new ideas that might affect the organization. |
|