Chief Information Security Officer

About The Position

Requirements

• Education and/or Experience. Bachelor’s degree in business administration, accounting or data processing, or equivalent professional experience.
• 10 to 15 years of IT and/or banking experience.
• Interpersonal Skills. Must have excellent resource management, project planning, and communication skills.
• Thorough knowledge of hardware systems, system software, networks, and application software development.
• A significant level of trust and diplomacy is required, in addition to normal courtesy and tact.
• Work involves extensive personal contact with others and is usually of sensitive nature.

Responsibilities

• Responsible for the organization’s Information Security programs and policies, including Cybersecurity (develop roadmap based on FFIEC assessment), threat and vulnerability management, employee awareness and training, and Physical Security Program.
• Coordinate the maintenance of the Information Security Program (ISP).
• Preparation of those regular reports required by the program.
• Develop and coordinate training of banks employees for ISP
• Develop and implement an ongoing testing program for the ISP, testing procedures and policy.
• Maintain a Vendor Management Due Diligence Program that includes tracking of service contracts and annual reviews of Significant Vendors.
• Maintain a Business Continuity, Disaster Recovery, and Pandemic Preparedness program for the bank. In conjunction with the IT/Network Manager develop and conduct annual testing and training exercises.
• Maintain the bank’s Incident Response Plan, including training of bank employees.
• Interact with management to set policies and procedures for governance, security, and risk framework for Information Technology platforms and data protection.
• Research and monitor regulatory changes and stay abreast of effective industry best practices.
• Develop Global IT General Controls: accountable for IT change management, provisioning and access control as well as interfacing with internal/external auditors and regulators (on all IT matters).
• Develop and maintain an Information Security Strategic Plan (1 to 3 years) and assist in budgeting and execution based on strategy and determine Information Security outsourcing needs.
• Conduct independent testing and vulnerability scans to IT applications to identify possible threats and weaknesses. Report findings and monitor management’s responses and timeliness of corrective actions.
• Develop and implement an ongoing Risk Assessment program targeting information security and privacy matters.
• Monitor the Bank’s compliance with the Bank Protection Act.
• Establish and implement guidelines for the Bank’s Physical Security Program in partnership with the Security Officer.
• Conduct quarterly Information Security risk assessments for presentation the IT Steering Committee as well as the Board Risk Committee.
• Participate in bank’s management issues through standing and ad hoc committees.
• Performs other job-related duties as assigned.
• Ensure compliance in all processes with established bank policies and procedures.
• Maintain department budget that is well documented and consistent with the strategic plan of the bank.
• Stay informed of current trends affecting the financial services industry and contribute to implementing action plans to position the bank for the future.
• Establish and maintain an effective relationship with user departments, senior management and vendors.
• Develop recommendations for cost efficiencies and enhancements to products, pricing and processes by monitoring trends in technical and financial industry operations.

Benefits

• Security First Bank provides some of the most competitive, comprehensive benefits in South Dakota and Nebraska. We believe in our employees, and they deserve an environment in which they can excel, with the peace of mind that their families are well cared for. We provide a host of health benefits, financial plans, and other services designed to make life better - both at work and at home.
• Additional information about benefits is available on the careers page of the company web site.
• Specific questions about benefits for full or part time status will be answered during the interview process.