Vendor Jobs

About The Position

Requirements

• Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field
• Minimum of fifteen (15) years of experience in information security, including at least 3 years in a leadership role within the financial services sector
• Comprehensive understanding of: FFIEC guidelines, Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS)
• Familiarity with cybersecurity frameworks such as: The Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO) 27001
• Strong leadership and strategic planning abilities
• Excellent analytical and problem-solving skills
• Effective communication skills, both written and verbal, with the ability to convey complex security concepts to diverse audiences
• Proficiency in information security technologies and best practices
• Familiar with Cybersecurity related systems

Nice To Haves

• A relevant Master's degree or MBA is preferred
• Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM), and other relevant certification(s), or willingness to obtain CISSP and CISM within one year, preferred

Responsibilities

• Develop and execute a robust information security strategy aligned with the Bank's objectives and regulatory requirements
• Serve as the primary liaison for FFIEC-related activities, ensuring full adherence to federal guidelines and industry standards
• Oversee the establishment and enforcement of security policies, standards, and procedures
• Identify, assess, and mitigate information security risks through continuous monitoring and risk assessments
• Update and maintain security policies in response to evolving threats and regulatory changes
• Lead the incident response team in effectively managing security incidents to minimize impact and restore operations promptly
• Direct the design and implementation of secure network architectures and security solutions
• Evaluate and monitor third-party service providers to ensure compliance with the bank's security standards
• Develop and administer information security training programs to educate employees on cybersecurity best practices
• Collaborate with internal and external auditors, facilitating examinations and implementing recommendations
• Stay informed of the latest cybersecurity trends, threats, and regulatory developments to enhance the bank's security posture
• Keep abreast of changes in banking regulations, cyber security threats, FDIC/FFIEC standards, and privacy laws and regulations
• Complete information security projects and implement new tools
• Research new data security trends, keep up to date with current events and new threats in data security and participate in relevant training courses
• Provide assistance to Internal Audit and regulators with IT-related requests
• Lead in performing due diligence reviews of key new vendors and make meaningful recommendations on whether the new vendor meets the Bank’s data security standards
• Lead in performing due diligence reviews of new products and services and make meaningful recommendations to improve data security needs
• Serve as a member of the Enterprise Risk Management Committee, New Activities Risk Committee, Information Technology Steering Committee, and others as assigned
• Serve as the Chair of the Information Security Risk Management Committee

Benefits

• 401(K) with a company match of up to 6%
• ESOP employer match
• Medical insurance
• Dental insurance
• Vision insurance
• Cancer/Disease insurance
• Accident insurance
• Flexible Spending Accounts
• Flexible Savings Accounts
• Health Savings Accounts
• Bank paid Life/AD&D insurance
• Voluntary Life/AD&D insurance
• Bank paid Short-Term and Long-Term Disability insurance
• Employee Stock Purchase Plan
• Employee Assistance Program