Information Security Officer

Bank First National Corporation, Manitowoc, WI
About The Position

The Information Security Officer is responsible for developing, implementing, and maintaining a comprehensive information security program that safeguards the confidentiality, integrity, and availability of the bank's information systems and customer data. This role oversees the creation and enforcement of policies, procedures, and controls related to electronic data processing and cybersecurity, ensuring compliance with regulatory requirements and industry standards. This position serves as the primary point of contact for information security matters, collaborates with other departments to identify and mitigate risks, and reports annually to the Board of Directors on the effectiveness of the information security program. The Information Security Officer also leads efforts to educate staff on security awareness and best practices, ensuring the bank remains resilient against evolving threats and vulnerabilities.

Requirements

  • 7-10 years of progressively increasing responsibility in Information Security/Information Technology, Risk Management, or IT Audit.
  • CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.
  • Experience developing, implementing, and maintaining enterprise-wide security programs and policies.
  • Working knowledge of regulatory requirements and laws, such as, but not limited to, GLBA, FFIEC, and SOX.
  • Familiarity with security architectures, cloud security, SIEM, IAM, and penetration testing.
  • The ability to explain complex cybersecurity issues to non-technical audiences, facilitating informed decision-making, and fostering a culture of security awareness.
  • Strong written and verbal communication, interpersonal, time management, and organizational skills.

Responsibilities

  • Develop and implement information security strategies, including vulnerability assessments and penetration testing, and cybersecurity awareness and training.
  • Assist in reviewing and updating the Bank's Information Security (IT) Risk Assessment. This includes incorporating new systems/processes into the risk assessment. Ensure control assessments are assigned and completed promptly.
  • Assist in the preparation for external audits, regulatory exams, and third-party vulnerability assessments and penetration testing.
  • Chair the Bank's Information Security Committee.
  • Maintain the Bank's Information Security Incident Response Plan. Coordinate incident response activities as needed.
  • Engage independent third parties to conduct testing of key controls and systems. Provide updates to the Information Security Committee, the Audit Committee, and the Board of Directors.
  • Work closely with the Managed Services Provider on remediation of vulnerabilities and information security efforts.
  • Conduct risk assessments, identify vulnerabilities, and recommend mitigation strategies to reduce risk to the bank's information assets.
  • Assist with the vendor management processes related to information security, including due diligence and ongoing monitoring of third-party service providers.
  • Work closely with Enterprise Risk Management and Internal Audit.
  • Ensure staff receive regular security awareness training and maintain documentation of training completion.
  • Work closely with IT, Risk, Compliance, and other departments to ensure comprehensive coverage of information security across the organization.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Credit Intermediation and Related Activities

Education Level

No Education Listed

Number of Employees

251-500 employees
