ST. PAUL, Minn. (Jan. 09, 2017) – David Townsend, Information Technology security risk manager for Affinity Plus Federal Credit Union, says you can think about information security from two perspectives: strengthening the borders, or reinforcing the core.
As 2016 closed and 2017 dawns – with daily news about hacking and security risks – the credit union’s efforts will include both.
“Our priority is to strengthen our security awareness program,” Townsend said. “Security initiatives frequently focus on a fortress mentality, strengthening the perimeter defenses. That is important, but sometimes insufficient as most modern data breaches begin with the introduction of malware into the environment, generally via phishing.
“Our goal is to leverage the solid foundation of existing work Affinity Plus has done, then mature the security controls and associated processes to take Affinity Plus to the next level,” he said.
Townsend’s role is an example of Affinity Plus’ continuing commitment to protecting member information, according to Cary Tonne, Information Technology senior vice president.
Townsend joined Affinity Plus in autumn 2016 and has spent his first months at the credit union assessing threats, and launching those initiatives to protect member information and assets.
“Dave has demonstrated what an experienced, pragmatic information-technology leader can do,” Tonne said. “We’re well positioned to face these ever-present threats.”
INTERNAL WORK PAIRED WITH MEMBER INFORMATION
Townsend’s work with Affinity Plus’ information-security team impacts every member account and personal information. Still, he doesn’t work directly with members.
“That’s what makes our team of member advisors and others around the state so important,” he said. “It’s just as vital that Affinity Plus is communicating regularly with our members about best practices, like checking their accounts regularly, setting up alerts and using the other tools Affinity Plus has available.”
Townsend has 20+ years professional experience in Information Technology. Most recently, he was Vice President and IT Security Risk Manager for Bremer Bank, Minnesota's fourth-largest bank with assets over $10 billion.
That position began as IT Security/Risk Manager in 2012, and in the role he directed the information security program to implement a comprehensive, integrated governance risk and compliance system.
Townsend developed and oversaw the IT security governance structure to reduce risks in business processes, enhance information security and comply with regulatory requirements. He ran the security monitoring and incident response group; developed risk assessments; performed impact analyses and control validation to improve system and operational security.
Prior to that role, Townsend was lead technical analyst for Ameriprise Financial Services, Inc., from 2011-2012.
From 2004-2011 he was Information Technology Director for Pulmonary and Critical Care Associates, St. Paul.
From 1998 to 2004, Townsend worked in London, England, as an IT manager, business-intelligence consultant and was owner and principal consultant of CRASH Networks, a technology management consultancy working with clients such as Oracle and Razor Fish.
Townsend attended the University of Minnesota – Twin Cities, majoring in Sociology and Computer Science and holds several certifications such as Isaca’s Certified Information Security Manager (CISM).