Information Security Manager

About The Position

Requirements

• Bachelor’s degree or equivalent in Computer Science, Management Information Systems or a related field of study
• 6+ years of experience in System Security Administration or Data Security experience.
• Combination of education and experience will be considered.
• Must possess strong organizational, analytical, interpersonal, problem solving, written and verbal communication skills.
• Must be able to handle confidential and sensitive information.
• Computer proficient in MS Software, (e.g. Excel, Word, and Outlook).
• Should be familiar with Microsoft Active Directory, iSeries Administration, and JH Products.
• CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are a plus or must be obtained within a year of employment in the job function.

Nice To Haves

• Knowledge of website administration and vulnerabilities, MS SQL Knowledge,
• Ability to work with various SIEM tools (Arctic Wolf, CrowdStrike Imperva is a plus).

Responsibilities

• Manage daily information security monitoring activities and oversee responses to security alerts, incidents, and threats.
• Monitor databases, systems, and networks for suspicious or unauthorized activities and initiate corrective actions as needed.
• Review exception reports, investigate anomalies, and ensure timely remediation of deficiencies.
• Modify security configurations, access controls, and user permissions to reflect system changes, new software, or role changes.
• Supervise and direct the daily work of the Information Security Officer and Information Privacy Administrator, including task assignments, priorities, and performance guidance.
• Provide ongoing on‑the‑job training and cross‑training to ensure operational continuity and adequate backup coverage.
• Serve as escalation point for information security and data privacy issues.
• Identify potential security risks and vulnerabilities across systems, applications, and data environments.
• Conduct regular risk assessments and implement appropriate mitigation strategies.
• Monitor adherence to internal security policies, industry standards, and regulatory requirements.
• Respond to internal and external information security audit findings and coordinate remediation efforts.
• Review violations of computer security procedures and ensure corrective actions prevent recurrence.
• Monitor implementation of new systems and applications to ensure security controls are embedded in design and deployment in accordance with Bank policy.
• Confer with users, system owners, and management regarding data access requirements, security concerns, system changes, and remediation actions.
• Serve as an internal consultant on data security, business continuity, and disaster recovery matters.
• Coordinate penetration testing, vulnerability scans, and Bank‑wide risk assessments with internal teams and third‑party vendors.
• Track findings, manage remediation plans, and validate resolution.