Responsible for implementation of the Bank's Information Security Program and Vendor Management Program. Responsible for overseeing the testing and monitoring of information security controls for compliance with Bank policies and regulatory requirements to ensure that Bank and customer information is properly secured.
Education: Bachelor of Science in Information Security, Computer Forensics or related field.
Licenses/Certifications: Certified Information Systems Security Professional ("CISSP"); Certified Information Systems Auditor ("CISA"); Certified in Risk and Information Systems Control ("CRISC"); Certified Information Security Manager ("CISM"); or other equivalent certification required.
Experience: At least seven years of experience in information security. Advanced knowledge (able to train others and answer complex questions) of GLBA and related compliance regulations and requirements, and knowledge of applicable banking policies, procedures, laws, and regulations.
- Maintain the Information Security Program and related policies and procedures. Make updates based on regulatory guidance and CISP/IT Steering Committee feedback.
- Complete the annual Customer Information Security Program Risk Assessment and Report of the Information Security Officer to the Board of Directors, documenting risks, results of audits and assessments, and breaches.
- Continue to enhance the Information/Cybersecurity awareness programs for employees and customers.
- Participate in risk assessments that are performed for cybersecurity, critical technologies, applications, or devices that are implemented or revised.
- Coordinate the Bank's responses to potential data breaches according to the Bank's Incident Response Plan.
- Participate in the annual review of employee access rights to Bank systems to verify alignment with job responsibilities.
- Participate in the configuration of all Bank applications to ensure they meet the standards set forth in the Information Security Program and applicable law.
- Participate in reviewing system logs for the Bank's infrastructure to identify trends. Investigate abnormalities and exceptions to the Bank's Information Security Program.
- Review system vulnerability and penetration testing and IT audits conducted and ensure findings are sufficiently addressed.
- Participate in the design and oversight of an Identity and Access Management Program that encompasses all bank applications.
- Enhance the Vulnerability Management Program by identifying, prioritizing, and tracking vulnerabilities in the environment.
- Conduct Internal and External Information Security Tabletop Testing.
- Implement the Bank's Vendor Management Program, including coordination of annual vendor risk assessments and compliance with GLBA. Communicate with management regarding new vendor due diligence. Make policy and procedure revisions as needed.
- Participate in Business Continuity Plan (BCP) Committee meetings, oversee the BCP updates and Business Impact Analysis, and ensure that annual BCP Testing per the BCP Test Plan occurs and is adequately documented.
- Stay current with IT-related regulatory guidance and alerts and industry alerts including FS-ISAC information.
- The ability to communicate effectively and clearly, both verbally and in writing, and to present information to groups of managers, employees, customers, and the general public.
- Excellent interpersonal skills.
- Excellent problem-solving skills.
- Strong knowledge of the business area(s) that are being supported.
- Self-directed and motivated.
- The ability to manage multiple tasks.
- The ability to calculate figures as they relate to accounting processes.
- Strong leadership skills with the ability to supervise others.
- Technical writing, to include reports, procedure manuals, articles for publication, training documents, policies and procedures, and legal documents.
- The ability to read, analyze and interpret financial statements, government regulations, professional journals, etc.
- Must have the ability to analyze and solve complex problems and to develop automated systems.
- Ability to respond to common inquiries or complaints from employees, customers, regulatory agencies, or members of the business community.