VP, Cyber Assurance & Defense

If you are ready to join a company that truly cares about its employees, our members, and our community then you have come to the right place!

Summary of Role:

The Vice President of Cyber Assurance and Defense is responsible for designing, operating, and maturing a comprehensive, risk‑based cyber assurance and defense program for a complex, highly regulated financial institution. This role ensures Broadview Federal Credit Union (BFCU) maintains strong defensive and offensive cyber capabilities, a robust access access governance, and measurable cyber risk reduction aligned with regulatory expectations, business strategy, and member protection.

This position is responsible for the second‑line technical cyberassurance and defense function, providing independent oversight, challenge, and assurance over controls, while partnering closely with IT, Engineering, and Business leadership. The VP will mature an evolving program into a repeatable, defensible, regulator‑ready capability suitable for CFPB‑scale supervision or a best-in-class organization.

The role requires a deep technical hands on expertise across modern security tooling, cloud and SaaS platforms, offensive security, digital forensics, SIEM/SOC operations, identity governance, and incident response combined with the ability to to translate cyber risk into business and regulatory terms.

Essential Job Functions/Responsibilities:

Cyber Assurance & Defense Leadership

• Provide oversight of the Cyber Assurance & Defense function (includes Cyber Defense and Identity Governance), encompassing:

• Defensive security monitoring and detection

• Offensive security (penetration testing, red/purple teaming)

• Digital forensics and investigations

• Identity and Access governance (IAG)

• Act as the technical security expert, independently validating initiatives/ project situations, security control design, effectiveness, and sustainability.

Program Maturity & Continuous Improvement

• Design and execute a multi‑year cybersecurity maturity roadmap addressing:

• Vulnerability and exposure management

• Security architecture and technical design reviews

• Security tool rationalization and roadmap planning

• Early warning detection capabilities using SIEM and UEBA

• Deception technologies and advanced detection engineering

• Mature security capabilities from ad‑hoc to defined, repeatable, and measurable, with regulator defensible documentation and evidence.

Cyber Defense, Detection & Incident Response (IR)

• Enhance and oversee the Cybersecurity Incident Response Team (CIRT) program, including:

• Maintain updated IR plans, playbooks, and runbooks to align with evolving threats

• Define roles and escalation paths

• Executive and regulator communication standards

• Tabletop exercises and live simulations

• Oversee forensic investigations involving:

• Endpoint, network, cloud, and SaaS platforms

• Insider threat activity

• Credential misuse and account compromise

• Ensure lessons learned are operationalized into control improvements.

• Support SVP Information Risk and Security managing incident response

Identity & Access Governance (IAG)

• Architect and lead a centralized enterprise IAG program, including:

• Encourage Role Based Access Control (RBAC)

• Least privilege enforcement

• Segregation of duties (SoD)

• Privileged Access Management (PAM)

• Assess, select, and implement user access governance platforms appropriate for financial services scale and risk.

• Centralize access risk decisions based on application criticality, data sensitivity, and regulatory impact.

Risk Identification, Assessment & Reporting

• Identify emerging cyber threats and systemic risks impacting:

• Core banking systems

• Cloud (AWS) and SaaS platforms (Microsoft 365)

• Digital channels and member facing technologies

• Translate technical findings into clear risk statements with prioritized remediation recommendations.

• Develop cyber risk metrics, KRIs, and dashboards to:

• Inform senior leadership and board committees

• Optimize investment decisions

• Demonstrate risk reduction over time

Technology, Cloud & Secure Engineering Advisement

• Review and challenge technology controls across are required:

• Network and infrastructure

• Cloud (AWS IaaS/PaaS)

• SaaS (Salesforce Shield, Microsoft 365 E5)

• DevSecOps pipelines and CI/CD tooling

• Ensure security is embedded in (security by design):

• System acquisitions

• Projects and initiatives

• Software development lifecycles

• Change and release management

• Provide guidance on secure AI usage, automation, and emerging technologies.

People Leadership & Executive Partnership

• Build, lead, and mentor a team of highly technical cybersecurity practitioners capable of:

• Threat modeling and attack simulation

• Detection engineering

• Forensic analysis

• Technology and security control validation

• Serve as a trusted advisor to leadership and peers.

• Communicate complex security concepts clearly to both technical and non technical stakeholders.

Minimum Job Qualifications:

• 15+ years of progressive, hands‑on technical information security experience in financial services or similarly regulated industries.

• Ability to deliver risk focused recommendations balancing cost and benefit

• 5+ years at a VP level or equivalent senior leadership role managing enterprise scale cybersecurity programs.

• 10+ years leading highly technical security teams, including direct involvement in:

• Forensic investigations

• Ethical hacking / penetration testing

• SIEM/SOC operations and threat analysis

• Incidence response

• ED/EXR

• Security tool implementations

• Demonstrated experience operating under FFIEC, NCUA, CFPB, NYS DFS Cybersecurity, GLBA, PCI and regulatory scrutiny.

Technical Expertise (Required)

• Network, endpoint, and application security

• Encryption, key management, and data protection

• Cloud security (AWS IaaS/PaaS)

• SaaS security controls

Certifications

• One or more of the following required:

• CISSP

• CEH

• Additional certifications (AWS Security, GIAC, OSCP) are strongly preferred.

Work Location Requirement

• Onsite in Albany, NY with a minimum of four (4) days per week.

• Hands on leadership presence is required to support teams, regulators, and critical incident response.

• SIEM/SOAR platforms and detection engineering

• Identity and access governance systems

• Microsoft 365 E5 security stack

• DevSecOps and secure SDLC practices

• Red team, purple team, and adversary simulation

• AI Security Monitoring

• AI usage in cybersecurity operations and detection

Starting Compensation: $200,000-$250,000, plus a competitive benefits package.

Bilingual individuals who are fluent in a second language in addition to English are highly encouraged to apply.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by applicable law.

Broadview FCU is committed to ensuring individuals with disabilities and/or those who have special needs participate in the workforce and are afforded equal opportunity to apply and compete for jobs. If you would like to contact us regarding the accessibility of our Website or need assistance completing the application process, please contact us at View email address on click.appcast.io