Information Security Officer

About The Position

Requirements

• Minimum of five (5) years’ experience in information security or IT risk management, preferably in banking or other financial services.
• Strong analytical and quantitative skills to assess risk, analyze data, and understand new concepts.
• Critical thinking skills with the ability to independently solve problems with data.
• Familiarity with banking regulations and compliance standards, including those set by the FDIC, FFIEC, and other regulatory bodies.
• Strong verbal and written communication skills to present findings and recommendations clearly.
• Ability to identify information security risks and develop strategies to mitigate them.
• High level of accuracy and attention to detail when analyzing data and preparing reports.
• Ability to work collaboratively with various departments, including audit and operations.
• Capacity to manage multiple projects and programs simultaneously.
• Ability to prioritize tasks and meet deadlines.

Nice To Haves

• Bachelor's degree in information security, cybersecurity, or a related field preferred.
• Professional certifications such as CISSP, CISM, or CISA preferred.

Responsibilities

• Maintain security policies, standards, and guidelines, including the overall Information Security Program, ensuring compliance with applicable laws and regulations.
• Prepare and present security reports to senior management, IT committees, and the Board.
• Ensure the IT audit program is appropriate for the risk, size, and complexity of the institution.
• Engage IT auditors and facilitate IT audits and examinations, as well as track and report findings to management, IT committees, and the Board.
• Lead user access reviews for critical systems and oversee user access evaluations of business line technologies.
• Conduct social engineering tests and implement targeted training as warranted.
• Partner with business line management to map information flows, identify vulnerabilities, and design effective protection strategies.
• Provide expert guidance on security risks inherent in new initiatives, recommending practical mitigation measures to support business objectives.
• Maintain, evolve, and test the bank’s business continuity, disaster recovery, and incident response plans to ensure operational resilience.
• Lead the incident response team during security breaches or cyber events, coordinating swift containment, investigation, and recovery efforts.
• Develop and deliver engaging security awareness training programs for employees and the Board.
• Promote a culture of security throughout the organization.
• Oversee implementation of security controls such as firewalls, encryption, and intrusion detection systems.
• Collaborate with IT teams to ensure secure system configurations, effective patch management, and continuous monitoring of vulnerability management.
• Evaluate, monitor, and proactively recommend enhancements to data loss prevention program and encryption standards.
• Review vendor complementary user entity controls and validate implementation of the appropriate internal controls.