Information Security Manager

Bank of the Sierra, CA
$80,000 - $100,000, Onsite

About The Position

The Information Security Manager supports the Senior Information Security Officer and works with enterprise stakeholders, such as IT, Operations, and Enterprise Risk Management, to provide independent oversight of the organization's IT security controls, ensuring information security risks are identified, measured, monitored, and reported in alignment with regulatory expectations, internal risk appetite, and industry best practices. The Information Security Manager will have primary responsibility for managing the Bank's physical security and business continuity programs.

Requirements

  • Bachelor's degree from an accredited college or university and a minimum of seven years of experience in financial institution operations and information/cyber security; or an equivalent combination of education and experience.
  • Strong understanding of security frameworks and regulatory expectations (e.g., CRI, NIST CSF, FFIEC, GLBA, CCPA, PCI DSS).
  • Demonstrated ability to assess control design and operating effectiveness.
  • Advanced technical and banking information security knowledge.
  • Advanced knowledge of bank operations, systems, products, and services.
  • Strong analytical and problem-solving skills.
  • Detail-oriented, with the ability to manage multiple tasks and prioritize work in a fast-paced environment.
  • Ability to work independently while performing duties, with excellent organizational and time management skills.
  • Advanced personal computer skills, including proficiency in Microsoft Office products.
  • Excellent verbal, written, and interpersonal communication skills.
  • Exercises awareness with regard to possible suspicious activity, money laundering, or fraudulent behavior.

Responsibilities

  • Coordinate with the Director of Community Banking, branch leadership, IT, and Facilities to ensure the Bank maintains an effective physical security program at all locations.
  • Work with business leaders to develop and maintain a robust business continuity program, including business impact analysis, risk assessment, continuity and recovery strategies, training and communication, and testing.
  • Perform annual updates to the R-SAT and CRI profile. Conduct and/or review information security and IT risk assessments, including inherent risk, control effectiveness, and residual risk determinations.
  • Evaluate the design and operating effectiveness of information and physical security controls through appropriate monitoring and testing. Partner with stakeholders to identify root causes and appropriately mitigate any identified gaps.
  • Review and maintain information and physical security policies, standards, and guidelines to ensure alignment with regulatory requirements and risk appetite.
  • Assist with audits and regulatory examinations, including coordinating responses, providing required documentation, and ensuring identified deficiencies are remediated.
  • Provide second-line input on third-party information security risk management, including review of vendor risk assessments, due diligence results, and cyber risk remediation.
  • Provide advisory oversight for cybersecurity incidents by reviewing root cause analyses, corrective action plans, incident trends, and systemic control weaknesses, and validating that lessons learned are incorporated into risk assessments, controls, and policies.
  • Create or assist with the preparation of information and physical security reports for Management and Board/Board Committees.
  • Participate in IT, Security, Deposit, AI, and Lending Working Groups.
  • Work with business partners to ensure information and cybersecurity risks are appropriately considered for new products, services, delivery channels, and technology initiatives.
  • Create or assist with the preparation of information and physical security communications and training materials.
  • Coordinate with internal stakeholders and subject matter experts, third-party vendors, and external legal counsel, as needed, to identify, report, track, and remediate issues and incidents.
  • Act as a subject matter resource on information and physical security regulatory expectations and industry best practices.
  • Monitor for and communicate risks and potential risk mitigation strategies to address emerging threats.
  • Ensure consistent application of information and physical security policies, procedures, and regulatory requirements.
  • Perform other duties as assigned.
© 2026 Teal Labs, Inc