Information Security Officer

Citizens Business Bank, Rancho Cucamonga, CA 91730

Posted 3 weeks ago

Exact compensation may vary based on skills, experience and/or education, and location. This position is also eligible for an annual bonus.

SUMMARY

The Information Security Officer (ISO) is a strategic role within Information Security that plays an integral part in the security and resilience of the bank's information systems and data assets. Reporting directly to the Chief Information Security Officer (CISO), the ISO is responsible for implementing and maintaining robust information security policies, procedures, and controls to mitigate risks and comply with regulatory requirements. The ISO is responsible for identifying, assessing, and reporting information security risks. The ISO must also have extensive knowledge and understanding of business processes and mitigation strategies to address identified risks in technology and business processes through direct involvement with the business units.

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Acts as the primary security advisor to the business units and is responsible for innovating and optimizing security that aligns with the enterprise's risk posture.

  • Provides leadership to ensure effective implementation of information security policy, standards, and specifications for the business in alignment with the enterprise Information Security Program and to ensure compliance with regulatory requirements such as GLBA and FFIEC guidelines.

  • Manages the Data Security Program including Data Classification, Data Loss Prevention, and review of Data Access Permissions.

  • Conducts comprehensive risk assessments of information systems, applications, processes, and infrastructure to identify security vulnerabilities, threats, and risks.

  • Analyzes and prioritizes risks, security trends, emerging threats, cyber-crimes, and security third-party vendor risks, and collaborates with stakeholders to develop risk mitigation strategies and action plans.

  • Regularly reviews and updates risk assessment methodologies and frameworks to align with evolving business objectives and emerging security threats.

  • Manages the Cybersecurity Incident Response Program and maintains standard operating procedures (SOPs) to respond to cyber events.

  • Develops and reports on key performance indicators (KPIs) and metrics related to Information Security and incident response.

  • Maintains and provides compliance evidence for audits, internal requests, and other appropriate business needs.

  • Manages security vendor contracts, renewals, and subscriptions.

  • Manages and maintains the Governance Risk and Compliance platform for Information Security.

  • Performs Vendor Security reviews to ensure vendors meet security standards.

  • Complies with and stays abreast of all policies and procedures, federal and state laws applicable to the job.

  • Provides, presents, and promotes the Citizens Experience to all external and internal customers.

  • Other duties as assigned.

SUPERVISORY RESPONSIBILITIES

The job has no supervisory responsibilities.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION and/or EXPERIENCE

Bachelor's degree (B.A.) from four-year college or university; or four years related experience and/or training; or equivalent combination of education and experience.

LANGUAGE SKILLS

Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, governmental regulations, or complex technical documents. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.

MATHEMATICAL SKILLS

Ability to work with mathematical concepts such as probability and statistical inference. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations and interpret and draw bar graphs.

REASONING ABILITY

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

COMPUTER & SOFTWARE SKILLS

A qualifying individual should also have experience with security technologies, such as firewalls, intrusion detection/prevention systems, endpoint protection solutions, data loss prevention solutions, and encryption solutions.

CERTIFICATES, LICENSES, REGISTRATIONS

  • Certified Information Security Manager (CISM)
  • GIAC Security Leadership (GSLC)
  • GIAC Certified Incident Handler Certification (GCIH)
  • Certified Incident Handler (ECIH)

OTHER SKILLS and ABILITIES

  • Strong written and verbal communication skills.

  • The ability to interact professionally and effectively with all levels throughout the Bank.

  • Proven effectiveness in leading and directing the work of others.

  • Ability to work an ad-hoc flexible schedule as necessary.

  • This position may require the candidate to travel approximately 5% of the time.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the associate is regularly required to talk or hear. The associate is frequently required to stand; walk; sit; and use hands and fingers to handle or feel. The associate is occasionally required to reach with hands and arms, and stoop, kneel, crouch or crawl. The associate is regularly required to operate a computer keyboard, mouse, calculator and telephone and reach with hands and arms. The associate must occasionally lift and/or move up to twenty-five (25) pounds.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The work environment is usually moderate.

Salary Range: $127,475.00 to $184,838.00 annually

40 hours per week.

