Security Program Manager Jobs in Riverside, CA (NOW HIRING)

Are you a security leader ready to drive strategy, architect modern defenses, and elevate an enterprise-wide security program? Join Orange County's Federal Credit Union as our Senior Information Security Engineer—a key, high-impact role responsible for strengthening the confidentiality, integrity, and availability of our critical systems across on-prem and cloud environments.

Be part of a mission-driven organization where your expertise directly shapes security strategy and protects our members. You'll lead meaningful initiatives, collaborate with talented teams, and help advance a modern, resilient security program.

At Orange County's Federal Credit Union, we don't just offer banking services, we create meaningful relationships that empower our members and enrich our community. With over 85 years of trust, $3 billion in assets, and 145,000+ members, we've built a reputation for excellence—and we're just getting started.

Our commitment to people, performance, and purpose has earned us the #1 spot in the Orange County Register's 2024 Best Credit Union list, and the voices of our employees have earned us the Peter Barron Stark Award for Workplace Satisfaction. When you join us, you're not just taking the next step in your career; you're joining a team that loves where they work.

Perks & Benefits:

• Health Coverage: Comprehensive benefits, including Anthem, Delta Dental, and VSP, effective from your first day.
• Financial Security: Life insurance at no cost and a 401(k) plan with an employer match up to 6%.
• Work-Life Balance: 13 days of vacation and seven (7) sick days annually and paid holidays.
• Recognition & Growth: Annual merit increases, discretionary and referral bonuses, as well as educational grants up to $1,000 per year.

What You'll Do

As a Senior Information Security Engineer, you will:

• Lead complex risk, vulnerability, and purple-team assessments to identify, validate, and remediate threats.
• Architect secure network, application, data, and cloud environments—covering AWS, Azure, DevSecOps pipelines, and enterprise platforms.
• Drive implementation of security tooling, automation frameworks, EDR/XDR, SIEM, SOAR, and secure configuration baselines.
• Partner with Engineering, Infrastructure, and external vendors to design and validate secure solutions.
• Serve on the Cybersecurity Incident Response Team, leading investigations and post-incident improvements.
• Create and maintain security policies, training, and best practices, mentoring teams on zero-trust and security-by-design principles.
• Designs, develops, and documents: (1) network security architecture and baseline configuration standards for firewalls, routers, switches, load balancers, and related network appliances; (2) device security architecture and baseline configuration standards for servers, workstations and mobile devices; (3) application and data security architecture and baseline configuration standards for databases and enterprise applications; and (4) cloud platform security architecture and baseline configuration standards for AWS and Microsoft Azure services.
• Provide expert guidance in areas such as vendor risk, cloud security, secure coding, and application security.
• Conducts and leads purple team risk and vulnerability assessments against systems and processes to ensure appropriate controls are in place, and recommends and implements controls to remediate risk findings.

What You Bring

• Bachelor's Degree in Computer Science, Information Security, Information Assurance, or related technology field.
• 7+ years of hands-on experience in enterprise information / cyber security and IT risk management.
• 3+ years of deep expertise in AWS and Azure security, cloud-native tools, and modern security architectures.
• Strong background in threat modeling, network security, vulnerability management, automation, and secure engineering practices.
• Experience with industry frameworks such as NIST, CIS, PCI DSS, FFIEC.
• Proven experience with regulations, policies, standards and framework pertaining to information and cyber security including PCI DSS standards, FFIEC guidelines on cybersecurity, CIS / NIST framework.
• Proven experience with secure coding standards and best practices; SAST/DAST/IAST tooling; API security; and integration of security controls into CI/CD pipelines (DevSecOps).
• Proven experience with virtualization and container technologies, such as VMware, Citrix Xen, Docker, or Kubernetes.
• At least one relevant certification (CISSP, GIAC, Security+, AWS Security – Specialty, Azure Security Engineer, etc.).
• Ability to influence, partner cross-functionally, and operate under urgency with sound judgment.

This position is currently hybrid-eligible, with the expectation of three days pre-assigned on-site attendance. This role requires California residency and living within a 50-mile commute of our headquarters in Santa Ana.

The targeted annual salary range is $108,895 to $136,000. Final offer will be determined based on experience, education, training/certifications and specialized skills.

Orange County's Federal Credit Union is an Equal Opportunity Employer. Pre-employment screenings, including background and credit checks, are required.