We are currently seeking a Director, Cyber Security to join our team. The Director, Cyber Security in partnership with the VP, takes a hands-on role in providing leadership to the IT department Cyber Security Team which is closely integrated with other IT Department teams, providing technical, operational and management oversight of cyber security capabilities. The role is responsible for ensuring TCB’s cyber security strategies and tactics are developed to meet and sustain the financial services industry and regulatory best practices and are aligned across all levels in the organization. This position is responsible for both day-to-day cyber operations and cyber related projects and takes a proactive role in cyber technology strategy, development, and activation. The Director collaborates with stakeholders across the organization including all levels of management, executive leadership and the Board of Directors. This role anticipates and actively works to prevent new possible threats to ensure that member-facing, enterprise and all other forms of threats and risk to Tru Cooperative Bank services, systems and technology infrastructures are consistently mitigated with practical solutions that are an optimal balance of security, technical and business requirements. The Director provides leadership and guidance to TCB with the integration of cyber security into member-facing products and services as well as ongoing education of members related to cyber security. Here’s what would be included as a part of your typical day - Leadership: Provides leadership and strategic direction to the Cyber Security team, including recruitment, coaching, mentoring, development, and performance management activities, in accordance with established policies and guidelines. Ensures the team works effectively to achieve or exceed goals and objectives. Provides continuous evolution of the technical/operational functions and upskilling of personnel as well as the linkage and integration of cyber security strategies across the business and with members. Provides leadership of cyber security projects and provides resources as needed to project teams where cyber requirements are present. Provides effective delivery and ongoing evolution of cyber security services and capabilities. Implements, manages, and optimizes hybrid service delivery models incorporating external suppliers and resources into TCB’s cyber security functions to provide scalability of this function. - Advising: Supports the CTO, VP, Cyber Security and IT Governance in executing strategies and over-arching plans within the context of the cyber security function. Interacts and collaborates with TCB leadership and the Board of Directors with respect to business and technology risk from cyber security, privacy, compliance, and business impacts perspectives and ensure plans are in place to address any risk as needed. - Planning & Design: Ensures the continuous development, implementation, and sustainment of TCB’s enterprise cyber security architectures and technologies. Alongside the CTO, VP, Cyber Security and IT Governance helps formulate TCB’s cyber security strategy, and annual cyber security functional plan. In collaboration with IT leaders, develops and oversees the cyber security team and related operating budget. - Continuous Improvement: Oversees the identification, resolution, and optimization of existing and potential gaps in cyber security operations and technology solutions. Actively promotes and supports the critical integration of cyber security policies, guidelines and procedures designed to protect Tru Cooperative Bank from both internal and external threats. - Risk Management: As part of TCB’s Enterprise Risk Management First Line of Defense, delivers first line risk management for all aspects of cyber security. Facilitates and leads cyber security, audit, compliance and regulatory initiatives and the implementation of corrective efforts as a result of these audits. Oversees and facilitates through the team cyber security risk assessments and investigations and oversees the cyber security incident response plan. Supports all three lines of defense, including the 1B function, in the area of cyber security. - Relationship Building: Maintains strong collaboration and external relationships in the area of cyber security with key partners, suppliers, and other external organizations. Externally, represents TCB in various regulator, Credit Union system and supplier forums on Cyber Security matters. Required Skills, Experience & Qualifications - Bachelor’s Degree in IT, Computer Science, or related discipline required - Minimum of 10 years working experience in a senior IT leadership role or an equivalent combination of education and experience; experience within the financial services industry required - Minimum of 5 years leading a Cyber Security function required - Proven experience in developing, administering, and leading a Cyber Security program for mid to large financial services organizations, operating under regulatory requirements required - Proven ability to manage day-to-day operational requirements while also leading and participating in IT projects, representing cyber security requirements - Exposure to Cyber Security practices and procedures relating to data privacy and protection - Ability to establish cordial professional working relationships, communicate and effectively obtain buy-in from IT and business stakeholders for cyber security initiatives - Broad and proven expertise in the effective application of current and emerging cyber security management, strategies and best practices within the financial services industry - Strong people leadership skills to lead a cyber security team (including security operations) - Strong organizational, analytical, and problem-solving skills with keen attention to detail - Excellent negotiation and customer services skills and ability to communicate with technical and non- technical audiences - Project management and leadership - Proficiency in the use of Microsoft applications, technologies and platforms. - Working technical knowledge of current systems software, operating systems, networking protocols and standards, cyber security hardware and software/services solutions i.e. SIEM - Strong understanding of cyber security architectures, leading practices, policies, and regulations from the business perspective - Displays an understanding of risk and risk ownership by being able to demonstrate adherence to policies and procedures. Statement on AI Use: In accordance with Ontario’s Employment Standards Act, we confirm that no artificial intelligence (AI) tools are used to screen, assess, or select applicants for this position. All applications are reviewed by our recruitment team. Statement of Genuine Vacancy: This posting represents a true and current vacancy within our organization. We are actively seeking to fill this role and welcome applications from qualified candidates. What’s in it for you: First, we strive to make our team members feel genuinely rewarded. You’ll have: - Mental health coverage and resources - Customizable health benefits, as well as topped-up parental leave - Performance-based compensation, employee banking advantages and group RRSP matching - Vacation time and flexible work arrangements to support your lifestyle We are committed to providing a fair, equitable, and competitive rewards package that reflects the value an individual brings to our organization. The compensation mentioned in this job posting should serve as a guide. The total cash compensation earned may vary based on a variety of factors including bonuses and/or incentives, an individual’s skills and experience, and may correlate with performance in the role. We also provide and encourage opportunities for our employees to make a meaningful impact. After all, as a credit union we’re powered by giving back—in big ways and through small gestures. That's why we offer employees paid time off to volunteer, partner with thousands of local charities, build long-lasting relationships that help our members get ahead and commit to environmental, social and governance (ESG) practices. By joining our team, you’ll be able to elevate your potential. Wherever your own purpose leads, we’re here to support you with award-winning in-house training programs, access to LinkedIn Learning, and reimbursement for external courses to help you get ahead. Take the next step in your career as part of our team. Apply for this opportunity! Candidates, please note: if you are being considered for this role, you will be required to complete a background check, such as employment verification, credit check and criminal record check. Diversity, Equity, Inclusion & Belonging At Tru Cooperative Bank, we embrace diversity regardless of gender identity or expression, sexual orientation, religion, race, ethnicity, age, diverse ability, and any aspect that makes someone unique. Inclusion is woven through our organization, from our employee-led network groups, hiring practices and education programs that address barriers and continually grow our equitable, diverse and inclusive culture. We encourage people who are from equity-deserving groups to apply for a career with us, including women or non-binary people, persons with diverse abilities, Black, Indigenous Peoples, People of Colour and members of 2SLGBTQIA+ communities. If an accommodation would help you during the process of applying or interviewing for a career with us, please let us know how we can assist you, whether it’s preparing materials in an alternate format, booking an accessible meeting room or other arrangement. Your individuality is welcome here. About Us We’re a financial cooperative that does things differently. We provide time-tested advice that helps our members feel optimistic about their future, and we offer comprehensive banking solutions that enable people to confidently reach their goals. With the financial strength and extended branch network of a large financial institution, we maintain local connections to our communities and take a unique grassroots approach to service. Our more than 250,000 members and approximately 1,250 employees operate from 45 branches throughout the province of BC, under the Envision Financial, Valley First, Island Savings and Enderby & District Financial brands. Visit firstwestcu.ca for more information on Tru Cooperative Bank. Please know we appreciate your interest in us but only candidates selected for an interview will be contacted.

Description Salary: $115,000 - $125,000/year We are seeking a knowledgeable and detail-oriented Cybersecurity Compliance Subject Matter Expert (SME) to support our Department of State client. This role will support the continued maturation of the customer’s cybersecurity program by contributing expert guidance on cyber policy, compliance, risk management, and operational reporting. The ideal candidate combines deep compliance expertise with strong analytical and data visualization skills to support informed decision-making through metrics and dashboards. Duties and Responsibilities - Support the development, interpretation, and implementation of cybersecurity policies and procedures within a secure software development environment, ensuring alignment with applicable security framework series and federal requirements. - Serve as a cybersecurity compliance SME for U.S. Government contracting environments, maintaining up-to-date knowledge of relevant regulations, standards, and policies and advising stakeholders on their application. - Conduct risk assessments, identify security control gaps and vulnerabilities, and recommend mitigation strategies to strengthen security posture across development and operational environments. - Support compliance monitoring activities, including preparation for audits, assessments, and inspections; assist in identifying findings and contributing to remediation planning and documentation. - Collaborate with security, engineering, and program stakeholders to support the development and delivery of role-based cybersecurity training (e.g., SO, ISSO, ISSM) and security awareness initiatives. - Develop, maintain, and analyze cybersecurity compliance metrics to measure program effectiveness, control performance, and risk trends. - Design and produce cybersecurity dashboards and reports using Power BI, Excel, and related tools, translating complex compliance and risk data into clear, actionable visualizations for technical and non-technical audiences. - Support continuous process improvement by identifying opportunities to streamline compliance tracking, reporting, and documentation within a dynamic software development environment. Requirements - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field; equivalent relevant experience may be considered in lieu of a degree. - Minimum of 8 years of experience in cybersecurity compliance, with demonstrated experience supporting U.S. Government contracting and software development environments. - Strong working knowledge of U.S. Government cybersecurity regulations and standards, including NIST, FISMA, FedRAMP, DFARS, and related frameworks. - Experience supporting security audits, assessments, or compliance reviews within federal or government-regulated environments. - Proven ability to analyze compliance and security data and translate findings into meaningful metrics, reports, and recommendations. - Proficiency in Excel (data analysis, pivot tables, charts) and experience designing Power BI dashboards or similar data visualization solutions. - Excellent written and verbal communication skills, with the ability to clearly explain cybersecurity risks, compliance requirements, and trends to diverse stakeholders. - Detail-oriented and proactive mindset with a strong focus on accuracy, documentation quality, and continuous improvement. Desired Qualifications: - Cybersecurity certifications such as CISSP, CISM, or equivalent. - Experience with Department of State FAM/FAH, including integration of requirements into system documentation, processes, and compliance artifacts. - Prior experience developing or maintaining executive-level or program-level cybersecurity dashboards. - Familiarity with SDLC-related compliance artifacts (SSP, POA&M, RA, CMF documentation, etc.). Clearance Requirement: Active Secret clearance required. The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements. Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include: - 3 weeks of Personal Leave your first year - 11 paid Holidays each year - 5 days of Flexible Time Off each year - 401(k) company match at 50% up to 10% of your salary - Medical, Dental and Vision Insurance - Life and Disability Insurance - Public Transportation Subsidies - Certifications and Training Allowance - $2,500/year! Why Join Gunnison? - Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation. - Quality is our top priority. - Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer. - There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow. - We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding. - We hire for careers at Gunnison, not to fill a position. Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time. In 1994 Gunnison began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.

• Assist in preparing and updating foundational ATO documentation under senior staff guidance (e.g., SSP sections, IRP updates, PTA/PIA drafts, CMP updates). • Support tracking and maintenance of ATO packages in ServiceNow CAM, including uploading artifacts and organizing evidence. • Support Continuous Monitoring tasks using ServiceNow CAM, updating dashboards with supervision. • Help coordinate routine security vulnerability scanning requests and compile scan outputs for review. • Participate as a note‑taker or supporting analyst during tabletop and functional IRP/ISCP/DRP exercises. • Assist with gathering data for POA&M updates and maintain documentation libraries. • Conduct initial reviews of security findings and escalate issues to senior analysts. • Help with administrative tasks related to audit preparation, evidence gathering, and compliance reporting. • Collaborate with cross‑functional teams by collecting information needed for engineering, privacy, or security reviews. • Learn and apply fundamental cybersecurity frameworks, VA security processes, and best practices.

• Proactively monitor and respond to security alerts and events from various sources, including SIEM, Cloud Security Platforms, EDR, and other technologies. • Perform detection engineering by tuning existing alerts and developing new, high-fidelity alerts based on ongoing trends, threat intelligence, and findings from past investigations. • Conduct in-depth analysis of security incidents to determine the root cause and impact, and recommend appropriate mitigation strategies. • Partner closely with various internal security teams to manage end-to-end incident response actions and collaborate on cross-functional projects for continuous security improvement. • Develop and maintain incident response playbooks, processes, standards, procedures, and SOAR workflows. • Participate in threat hunting activities to identify advanced threats and vulnerabilities. • Identify, Document, and Research Threat Intelligence Findings and Reports. • Lead and drive projects and strategic initiatives designed to proactively improve the security posture and resilience throughout the company. • Provide mentorship and guidance to junior analysts and engineers. • Assist in the evaluation and implementation of security tools and technologies. • Stay up-to-date with emerging threats, vulnerabilities, and industry best practices.