
VP, Cyber Assurance & Defense

Broadview Federal Credit Union
United States, New York, Albany
Jun 12, 2026

If you are ready to join a company that truly cares about its employees, our members, and our community then you have come to the right place!

Summary of Role:

The Vice President of Cyber Assurance and Defense is responsible for designing, operating, and maturing a comprehensive, risk-based cyber assurance and defense program for a complex, highly regulated financial institution. This role ensures Broadview Federal Credit Union (BFCU) maintains strong defensive and offensive cyber capabilities, robust access governance, and measurable cyber risk reduction aligned with regulatory expectations, business strategy, and member protection.

This position is responsible for the second-line technical cyber assurance and defense function, providing independent oversight, challenge, and assurance over controls, while partnering closely with IT, Engineering, and Business leadership. The VP will mature an evolving program into a repeatable, defensible, regulator-ready capability suitable for CFPB-scale supervision or a best-in-class organization.

The role requires deep, hands-on technical expertise across modern security tooling, cloud and SaaS platforms, offensive security, digital forensics, SIEM/SOC operations, identity governance, and incident response, combined with the ability to translate cyber risk into business and regulatory terms.

Essential Job Functions/Responsibilities:

Cyber Assurance & Defense Leadership

  • Provide oversight of the Cyber Assurance & Defense function (includes Cyber Defense and Identity Governance), encompassing:

    • Defensive security monitoring and detection

    • Offensive security (penetration testing, red/purple teaming)

    • Digital forensics and investigations

    • Identity and Access governance (IAG)

  • Act as the technical security expert, independently validating initiatives/project situations, security control design, effectiveness, and sustainability.

Program Maturity & Continuous Improvement

  • Design and execute a multi-year cybersecurity maturity roadmap addressing:

    • Vulnerability and exposure management

    • Security architecture and technical design reviews

    • Security tool rationalization and roadmap planning

    • Early warning detection capabilities using SIEM and UEBA

    • Deception technologies and advanced detection engineering

  • Mature security capabilities from ad hoc to defined, repeatable, and measurable, with regulator-defensible documentation and evidence.

Cyber Defense, Detection & Incident Response (IR)

  • Enhance and oversee the Cybersecurity Incident Response Team (CIRT) program, including:

    • Maintain updated IR plans, playbooks, and runbooks to align with evolving threats

    • Define roles and escalation paths

    • Executive and regulator communication standards

    • Tabletop exercises and live simulations

  • Oversee forensic investigations involving:

    • Endpoint, network, cloud, and SaaS platforms

    • Insider threat activity

    • Credential misuse and account compromise

  • Ensure lessons learned are operationalized into control improvements.

  • Support the SVP, Information Risk and Security, in managing incident response.

Identity & Access Governance (IAG)

  • Architect and lead a centralized enterprise IAG program, including:

    • Encourage Role Based Access Control (RBAC)

    • Least privilege enforcement

    • Segregation of duties (SoD)

    • Privileged Access Management (PAM)

  • Assess, select, and implement user access governance platforms appropriate for financial services scale and risk.

  • Centralize access risk decisions based on application criticality, data sensitivity, and regulatory impact.

Risk Identification, Assessment & Reporting

  • Identify emerging cyber threats and systemic risks impacting:

    • Core banking systems

    • Cloud (AWS) and SaaS platforms (Microsoft 365)

    • Digital channels and member-facing technologies

  • Translate technical findings into clear risk statements with prioritized remediation recommendations.

  • Develop cyber risk metrics, KRIs, and dashboards to:

    • Inform senior leadership and board committees

    • Optimize investment decisions

    • Demonstrate risk reduction over time

Technology, Cloud & Secure Engineering Advisement

  • Review and challenge technology controls as required across:

    • Network and infrastructure

    • Cloud (AWS IaaS/PaaS)

    • SaaS (Salesforce Shield, Microsoft 365 E5)

    • DevSecOps pipelines and CI/CD tooling

  • Ensure security is embedded in (security by design):

    • System acquisitions

    • Projects and initiatives

    • Software development lifecycles

    • Change and release management

  • Provide guidance on secure AI usage, automation, and emerging technologies.

People Leadership & Executive Partnership

  • Build, lead, and mentor a team of highly technical cybersecurity practitioners capable of:

    • Threat modeling and attack simulation

    • Detection engineering

    • Forensic analysis

    • Technology and security control validation

  • Serve as a trusted advisor to leadership and peers.

  • Communicate complex security concepts clearly to both technical and non-technical stakeholders.

Minimum Job Qualifications:
  • 15+ years of progressive, hands-on technical information security experience in financial services or similarly regulated industries.

  • Ability to deliver risk-focused recommendations balancing cost and benefit

  • 5+ years at a VP level or equivalent senior leadership role managing enterprise-scale cybersecurity programs.

  • 10+ years leading highly technical security teams, including direct involvement in:

    • Forensic investigations

    • Ethical hacking / penetration testing

    • SIEM/SOC operations and threat analysis

    • Incident response

    • ED/EXR

    • Security tool implementations

  • Demonstrated experience operating under FFIEC, NCUA, CFPB, NYS DFS Cybersecurity, GLBA, PCI and regulatory scrutiny.

Technical Expertise (Required)

  • Network, endpoint, and application security

  • Encryption, key management, and data protection

  • Cloud security (AWS IaaS/PaaS)

  • SaaS security controls

Certifications

  • One or more of the following required:

    • CISSP

    • CEH

  • Additional certifications (AWS Security, GIAC, OSCP) are strongly preferred.

Work Location Requirement

  • Onsite in Albany, NY with a minimum of four (4) days per week.

  • Hands-on leadership presence is required to support teams, regulators, and critical incident response.

  • SIEM/SOAR platforms and detection engineering

  • Identity and access governance systems

  • Microsoft 365 E5 security stack

  • DevSecOps and secure SDLC practices

  • Red team, purple team, and adversary simulation

  • AI Security Monitoring

  • AI usage in cybersecurity operations and detection

Starting Compensation: $200,000-$250,000, plus a competitive benefits package.

Bilingual individuals who are fluent in a second language in addition to English are highly encouraged to apply.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by applicable law.

Broadview FCU is committed to ensuring individuals with disabilities and/or those who have special needs participate in the workforce and are afforded equal opportunity to apply and compete for jobs. If you would like to contact us regarding the accessibility of our Website or need assistance completing the application process, please contact us at talentacquisition@broadviewfcu.com.
