Information Security Specialist

About The Position

Requirements

• At least eight (8) years of experience in a combination of risk management, information security and IT or related service role.
• Employment history must demonstrate increasing levels of responsibility
• In-depth working knowledge of project management standards.
• Bachelor's or Master's Degree in Computer Science, Business Administration, or other related field. Or equivalent work experience.
• Excellent written and verbal communication skills.
• Ability to analyze and solve problems.
• Must have a valid driver's license and proof of insurance.
• Ability and willingness to travel to various locations and prospective facilities.
• Ability to work effectively in a diverse work group.
• Analytical ability to gather and summarize data for reports.
• Demonstrated ability to effectively interact with employees, vendors, and management.
• Ability to prioritize and organize.

Nice To Haves

• Certifications desired: SECURITY +, CISA, CRISC, CISM, CISSP, ITIL.

Responsibilities

• Collaborate, implement, and monitor a comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
• Collaborate, maintain, and publish up-to-date information security policies, standards, and guidelines.
• Oversee the approval, training, and dissemination of security policies and practices.
• Collaborate, manage, and communicate information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Work directly with the bank to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the bank on identifying acceptable levels of residual risk.
• Provide regular reporting on the status of the information security program to business owners and/or Information Security Manager/Officer.
• Maintain an information security management framework based on the Gartner Business model and ITIL.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to data security, privacy, risk management, compliance, and business continuity management.
• Perform related duties and fulfill responsibilities as required.
• Monitor Identity Management service catalog.
• Monitor Patch Management process.
• Maintain an information security advisory role and relationship with bank users.
• Keeps abreast of new procedures and technology implemented by the technology department.
• Ensure that all software is legal.
• Report any instances of abuse to management.
• Support third-party oversight and monitoring processes, including security assessments of the bank's vendors and service providers.
• Stay up-to-date with industry trends and regulatory requirements related to technology governance, risk, and compliance.
• Perform day-to-day activities consistent with safe and sound business practices and regulatory requirements.
• Other duties as assigned by the Information Security Manager/Officer.