Information Security Specialist

About The Position

Requirements

• Associate degree and 4 years’ experience in vendor or risk management, or BCP; OR Bachelor's degree and 2 years’ experience in vendor or risk management, or BCP.
• General computer skills
• Microsoft Office, specifically Word and Excel
• Works well independently
• Treats all customers and fellow employees with respect
• Exceeds customer expectations
• Meets customer needs
• Maintain confidentiality of all bank records
• Conducts interactions with honest, ethical, and strong moral principles
• Performs at the highest level
• Takes responsibility for actions
• Does what is expected
• Leads by example and takes initiative
• Works as a team
• Efficiently shares information in a collaborating and proactive manner
• Pays attention to detail
• Solves problems
• Makes sound decisions
• Manages time effectively
• Prioritizes effectively
• Performs multiple tasks simultaneously
• Shows up for work and is on time
• Complies with all laws and regulations
• Completes all required training
• Adheres to Bank Values

Responsibilities

• Administers, maintains, and oversees the bank’s third-party risk management program in accordance with FFIEC and GLBA requirements.
• Conducts and documents information security due diligence for vendors, including reviews of SOC 1/2 reports, cybersecurity assessments, and risk questionnaires.
• Evaluates vendor controls related to data security, privacy, and resilience prior to onboarding and during periodic reviews.
• Ensures vendor contracts include appropriate information security, confidentiality, and business continuity requirements.
• Tracks, documents, and remediates vendor-related risks and findings, coordinating with business owners and vendors.
• Develops, maintains, and tests the bank’s Business Continuity and Disaster Recovery (BCP/DR) programs.
• Performs business impact analyses (BIA) to identify critical systems, services, and recovery requirements (RTOs/RPOs).
• Coordinates and documents annual BCP/DR tests and tabletop exercises.
• Assesses third-party vendors’ BCP/DR capabilities to ensure continuity of critical banking services.
• Supports incident response and recovery efforts during business disruptions.
• Maintains policies, procedures, risk assessments, metrics, and reporting related to third-party risk and operational resilience.
• Serves as subject matter experts on vendor risk and business continuity for the bank.
• Provides guidance and training to employees on third-party risk and continuity expectations.
• Other duties as assigned.

Benefits

• Medical, Rx, Dental, and Vision insurance
• HSA, FSA, and Limited FSA
• Employer paid and voluntary Life Insurance/AD&D
• Short-Term Disability
• Long-Term Disability
• Accident/Hospital Indemnity/Critical Illness voluntary plans
• Identify Theft Protection
• 401k with employer match
• Vacation, Sick Leave, and Holiday pay
• Tuition Reimbursement
• Gym membership discounts
• Annual payrate increases
• Incentive based bonuses