Information Security Manager

Sierra Bancorp

CA

JOB DETAILS
SALARY
$80,000–$100,000 Per Year
SKILLS
Analysis Skills, Artificial Intelligence (AI), Attorney, Bank Management, Banking Operations, Banking Services, Best Practices, Business impact analysis (BIA), Communication Skills, Communications Security (COMSEC), Community Banking, Computer Security, Computer Skills, Corrective Action, Design Evaluation, Detail Oriented, Documentation, Due Diligence, Establish Priorities, Financial Operations, Information/Data Security (InfoSec), Internet Security, Interpersonal Skills, Legal, Loans, Microsoft Office, Microsoft Product Family, Money Laundering, Multitasking, Organizational Skills, PCI-DSS, Physical Demands, Physical Security, Presentation/Verbal Skills, Problem Solving Skills, Regulations, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Security Analysis, Security Monitoring, Technical Leadership, Time Management, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
CA
POSTED
3 days ago

JOB SUMMARY:

The Information Security Manager supports the Senior Information Security Officer and works with enterprise stakeholders, such as IT, Operations, and Enterprise Risk Management, to provide independent oversight of the organization's IT security controls, ensuring information security risks are identified, measured, monitored, and reported in alignment with regulatory expectations, internal risk appetite, and industry best practices. The Information Security Manager will have primary responsibility for managing the Bank's physical security and business continuity programs.

RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:

  • Coordinate with the Director of Community Banking, branch leadership, IT, and Facilities to ensure the Bank maintains an effective physical security program at all locations.
  • Work with business leaders to develop and maintain a robust business continuity program, including business impact analysis, risk assessment, continuity and recovery strategies, training and communication, and testing.
  • Perform annual updates to the R-SAT and CRI profile. Conduct and/or review information security and IT risk assessments, including inherent risk, control effectiveness, and residual risk determinations.
  • Evaluate the design and operating effectiveness of information and physical security and controls through appropriate monitoring and testing. Partner with stakeholders to identify root cause and appropriately mitigate any identified gaps.
  • Review and maintain information and physical security policies, standards, and guidelines to ensure alignment with regulatory requirements and risk appetite.
  • Assist with audits and regulatory examinations, including coordinating responses, providing required documentation, and ensuring identified deficiencies are remediated.
  • Provide second-line input on third-party information security risk management, including review of vendor risk assessments, due diligence results, and cyber risk remediation.
  • Provide advisory oversight for cybersecurity incidents by reviewing root cause analysis, corrective action plans, incident trends, and systemic control weaknesses, and validating that lessons learned are incorporated into risk assessments, controls, and policies.
  • Create or assist with the preparation of information and physical security reports for Management and Board/Board Committees.
  • Participate in IT, Security, Deposit, AI, and Lending Working Groups.
  • Work with business partners to ensure information and cybersecurity risks are appropriately considered for new products, services, delivery channels, and technology initiatives.
  • Create or assist with the preparation of information and physical security communications and training materials.
  • Coordinate with internal stakeholders and subject matter experts, third-party vendors, and external legal counsel, as needed, to identify, report, track, and remediate issues and incidents.
  • Act as a subject matter resource on information and physical security regulatory expectations and industry best practices.
  • Monitor for and communicate risks and potential risk mitigation strategies to address emerging threats.
  • Ensure consistent application of information and physical security policies, procedures, and regulatory requirements.
  • Perform other duties as assigned.

EDUCATION AND/OR EXPERIENCE:

Bachelor's degree from an accredited college or university and a minimum of seven years of experience in financial institution operations and information/cyber security; or an equivalent combination of education and experience.

REQUIRED KNOWLEDGE, SKILL, AND ABILITY:

  • Strong understanding of security frameworks and regulatory expectations (e.g., CRI, NIST CSF, FFIEC, GLBA, CCPA, PCI DSS).
  • Demonstrated ability to assess control design and operating effectiveness.
  • Advanced technical and banking information security knowledge.
  • Advanced knowledge of bank operations, systems, products, and services.
  • Strong analytical and problem-solving skills.
  • Detail-oriented, with the ability to manage multiple tasks and prioritize work in a fast-paced environment.
  • Ability to work independently while performing duties, with excellent organizational and time management skills.
  • Advanced personal computer skills, including proficiency in Microsoft Office products.
  • Excellent verbal, written, and interpersonal communication skills.
  • Awareness of possible suspicious activity, money laundering, or fraudulent behavior.

PHYSICAL DEMANDS:

The physical demands described herein are representative of those that an employee must meet to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. While performing the duties of this job, the employee is regularly required to sit. The employee is frequently required to talk or hear. The employee is occasionally required to stand, walk, and reach with hands and arms. The employee must occasionally lift and/or move up to ten pounds. Specific vision abilities this job requires include close vision and the ability to adjust focus.

WORK ENVIRONMENT:

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, scanners, filing cabinets, and fax machines. The noise level in the work environment is usually moderate. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Bank of the Sierra is proud to be an equal opportunity workplace and is an affirmative action employer committed to equal employment opportunities regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

Salary Range: $80,000 - $100,000

About the Company

Sierra Bancorp