Information Security Manager

River Run Services LLC, Haverhill, MA

About The Position

River Run is a shared services organization that supports banking affiliates, Newburyport Bank, Pentucket Bank and Rollstone Bank & Trust. The Information Security Manager (ISM) is responsible for safeguarding the organizations’ information assets and technologies as well as managing its information security strategy in compliance with regulations and applicable frameworks. The ISM works closely with the Chief Enterprise Risk Officer to develop, implement, and maintain the information security program and align the program with the organization’s strategic plan, risk appetite and overall key objectives.

Requirements

  • Minimum undergraduate degree, or equivalent combination of education and experience.
  • 10 years of experience or more in the banking industry.
  • Certified Information Systems Security Professional (CISSP), Certified Security Information Security Manager (CISM) or similar certification highly preferred.

Responsibilities

  • Continually designs, executes, manages, and improves the enterprise’s information security program including policies, procedures, daily activities, reporting, monitoring, and training of key stakeholders.
  • Manages the information security analyst(s) to support the overall information security program.
  • Recommends/establishes risk-based administrative and technical controls to protect the confidentiality, integrity, and availability of sensitive information and information technology resources.
  • Completes assessments to determine compliance with applicable laws and regulations including but not limited to a ransomware assessment, a GLBA assessment, and an artificial intelligence assessment.
  • Oversees the security-related activity managed by the organization’s Managed Service Provider.
  • Assesses, manages, and controls risks associated with electronic data processing, ensuring incidents and anomalies are promptly identified, addressed and remediated.
  • In collaboration with Operational Risk Management, helps develop and maintain the Information Security Incident Response Program, Cybersecurity Response, and Business Continuity Response.
  • Prepares and presents to board level Joint Risk Committee and the management level Technology and Information Security Committee including but not limited to reports, risk assessments, program recommendations and updates, and policies as needed.
  • Designs Information Security awareness training and social engineering testing for all employees.
  • Manages information security-related incidents which may require coordination with the Bank’s insurance agency, legal counsel, and other third parties assigned to assist with the incident.
  • Reviews and approves all reports containing non-public personal information requested from the core system.
  • Serves as liaison and support for audits and examinations including issuing responses related to information security.
  • Manages the third-party assessments engaged by Risk Management for internal vulnerability and external penetration tests. Supports the third-party assessments engaged by Internal Audit.
  • Guides the Information Security Analyst(s) and operational risk team members completing IT Risk Assessments, System and Organization Controls reports, and other information security-related tasks.
  • Prepares and presents the annual Information Security training to each bank board.
  • Other duties as assigned.