Information Security Officer

Orange Bank & Trust CompanyCity of Middletown, NY
$90,000 - $125,000Onsite

About The Position

The Information Security Officer (ISO) acts as an advisor to Management in the development, execution, and ongoing refinement of the Bank’s Information and Cyber Security Program. The ISO is responsible for assisting with the mitigation of information and cyber security risks, maintaining ongoing regulatory compliance, and ensuring that risks associated with the Bank’s information assets and critical business processes are effectively managed. The role requires an appropriate level of independence while maintaining close collaboration with senior management, technology leadership, and the Board of Directors.

Requirements

  • Bachelor's degree in information security, Computer Science, or related field
  • Experience in information security and regulatory compliance within financial services.
  • Professional certifications such as CISSP, CISM, CCSP
  • Minimum of 8+ years Information Security and practical hands-on experience
  • Strong understanding of security governance and risk management.
  • Excellent communication and presentation skills.
  • Ability to exercise independent judgment.
  • Strong organizational and analytical skills.

Nice To Haves

  • Knowledge of FFIEC, NY DFS, and NIST frameworks
  • 10+ years of Information Security within Financial Services

Responsibilities

  • Serve as the primary advisor to Management on information and cyber security risk management and compliance.
  • Enhance and maintain the Bank’s cyber security technology suite.
  • Ensure regulatory compliance and drive gap analysis and remediation efforts.
  • Execute information and cyber security initiatives as directed by the Cybersecurity Management Committee.
  • Monitor federal and state regulatory changes and ensure program compliance.
  • Identify and oversee remediation of security exposures and control gaps.
  • Assist with development of security incident reports and post-incident analysis.
  • Evaluate and approve outsourced security services.
  • Maintain independence and escalate concerns to senior management and the Board.
  • Monitor program effectiveness and report to the Technology Committee and Board.
  • Review internal and third-party security assessments.
  • Monitor threat intelligence and emerging cyber risks.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service