Credit unions need qualified CISOs

Many credit unions struggle to manage the NCUA regulation that requires credit unions to have a Chief Information Security Officer (CISO) whose role is separate from the IT team.

As with many other IT roles, credit unions are unable to hire and retain qualified CISOs due to competition with big banks and fintechs. It’s the tech innovation of these competitors as well as the growing demand for tech professionals across all industries that is making it more challenging than ever for credit unions to retain and recruit talent.

As the widespread demand for talent increases, salaries also increase. Turnover is high across all fields as employees look for more flexibility, opportunities for growth and increased salaries. But IT and cyber professionals are unicorns with some seeing 50-100% salary increases.

CISOs play an important role, helping credit unions navigate the various needs that arise each year related to cybersecurity, which includes reading reports, developing cyber strategy, understanding and providing policy support, conducting tabletop exercises and training, managing board reporting and examiner support, as well as sourcing and managing vendors.

Since the COVID pandemic, credit unions have accelerated their digital transformation efforts and as more move to the cloud, various levels of support are required to ensure those cloud resources are secure.

Cybersecurity plays an integral role in credit union leadership and strategy today. Finding and retaining a full-time CISO who is able to keep up with the ever changing regulatory and cyber landscape can be difficult.

Hiring a virtual CISO is often a good strategy especially in a competitive hiring landscape. Not only can a virtual CISO provide expertise credit unions need to meet regulatory compliance requirements, they can offer high-level strategy and support that organizations can’t afford to have in-house.

Some of the services that a virtual CISO can offer include:

• Review of the organization’s existing cyber governance, and develop a Cyber Governance and Management framework
• Develop cyber strategy and cyber risk appetite
• Develop cyber policy
• Review cyber-based reporting, like vulnerability scanning, pen testing, audits, exams, SOC reporting tools and more, to develop and recommend technology and mitigation priorities
• Perform tabletop exercises to practice and coordinate what to do if a breach occurs
• Provide training for executives and board members
• Provide incident response support
• Provide examination and audit support

Despite the highly competitive war on talent, credit unions are uniquely positioned to win, in part due to CUSOs.

As shared in an article published by CUInsight, “In this financial marketplace dominated by goliath banks, credit unions stand apart due to their collaborative nature and commitment to service.”

The article states that CUSOs help credit unions compete with large financial institutions, offering several benefits including access to innovative technology, an expansion of services, and economies of scale.

According to recent research from Filene, credit unions are redeploying the credit union service organization (CUSO) model to create new avenues for growth through innovative collaboration.

As credit unions explore ways to increase capacity to meet ever-changing regulations, partnering with a CUSO and hiring a CISO could be the prudent, and effective strategy.