SUMMARY OBJECTIVE:

The Information Security Administrator (ISA) will protect the physical and information security of AmeriServ Financial, Inc. and all affiliate entities. The ISA will manage policy, procedure, and process to ensure the execution of the Company’s Information Security and Business Continuity/Disaster Recovery (BC/DR) Programs, and will back up and assist the CISO, as directed.

ESSENTIAL FUNCTIONS:

1. Assist the CISO in maintaining the Company’s Information Security Program.
2. Create and maintain Information Security and Business Continuity related procedures and processes.
3. Suggest policy and procedural updates based on regulatory guidance, changes in the AmeriServ environment, and emerging threats.
4. Oversee the Company’s user access administration by reviewing, deciding on, and processing all new, transferred, and terminated employee access requests, in accordance with the IT key controls. This also includes tracking the temporary disablement of employees who are on leave.
5. Perform information security reviews of users and administrators and their appropriate access levels within applications, as per the user access/system review schedule annually approved by the Information Security Committee.
6. Perform System Security Controls (SSCs) reviews, as per the user access/system review schedule annually approved by the Information Security Committee.
7. Maintain the Required Blackout Policy by tracking all senior management and VPN users to ensure their compliance with the Policy.
8. Review daily reports and investigate and document anomalies and suspicious activity. Review real-time activity as time permits.
9. Be a member of and participate in the following Committees: Information Security Committee (ISC); Fraud Committee; BC/DR Planning Committee; Security Events Response Team.
10. Assist the CISO in maintaining and executing a robust employee information security education and exercise plan. This includes phishing and social engineering tests.
11. Ensure that Business Continuity/Disaster Recovery (BC/DR) Plans are in place and participate in exercises as time allows. Maintain the mass communication system.
12. Work with the CISO and internal and external IT auditors in execution of Information Security-related audits. Work with the CISO to ensure remediation of audit findings.
13. Maintain a current understanding of the IT threat landscape for the financial services industry and work with the CISO to constantly update information security and business continuity strategies to leverage new technology and threat information. Ensure compliance with the changing laws and applicable regulations. Interface with peers (i.e. FS-ISAC, other FIS banks) to exchange information on emerging trends and successful practices.
14. Manage and review all documents that pertain to DLP (Data Leakage Protection) within the email system.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Job Type: Full-time
Career Level: Mid Level
Education Level: Associate degree
Number of Employees: 251-500 employees