Information Security Officer

First Fidelity Bank, Oklahoma City, OK 73113

Posted 5 days ago

The Information Security Officer is responsible for overseeing and reporting on the management and mitigation of information security risks across the Bank and is accountable for the results of this oversight and reporting, and for implementing the Bank's Information Security Program and related information security strategy and objectives, as approved by the Board of Directors.

PRIMARY DUTIES/RESPONSIBILITIES:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

  • Oversees and reports on the management and mitigation of information security risks across the Bank, reporting directly to the CEO.

  • Implements the Bank's Information Security Program and related information security strategy and objectives, including the Interagency Guidelines Establishing Information Security Standards (Information Security Standards) and the Gramm-Leach-Bliley Act (GLBA).

  • Ensures that access control of data is assigned to the appropriate Data Owners and reviews of access control are performed by those designated data owners.

  • Reviews and approves security exception requests that expose the Bank to organizational risks (firewall requests, website access, etc.).

  • Reviews and writes privacy and GLBA related policies and procedures and submits annual reports to the Board of Directors detailing privacy and GLBA issues.

  • Monitors and addresses current and emerging risks, and advises the Bank's Chief Technology Officer, Technology Committee, and Executive Management in developing and implementing information technology architecture safeguard strategies and controls to mitigate risks and accommodate current and future organizational needs.

  • Conducts ongoing information security compliance monitoring activities, performs safeguarding customer information risk assessments for all areas of the Bank and works with personnel throughout the Bank on identifying acceptable levels of residual risk.

  • Participates in major information technology projects of the Bank assuring that effective processes for information technology risk management, including those that relate to cybersecurity, are in place.

  • Engages with management in lines of business to understand new initiatives, provides information on the inherent information security risk of these activities, and outlines ways to mitigate the risks.

  • Champions security awareness and training programs of the Bank.

  • Participates in industry collaborative efforts to monitor, share, and discuss emerging security threats, and maintains advanced knowledge and awareness of financial industry technical status and trends.

  • Participates as a member of the Incident Response Team in the event of a technology incident, assists in the establishment of procedures to address security incidents and partners with members of management to investigate and resolve potential security breaches.

  • Serves on the Bank's Technology Committee and Technology Steering Committee to assist in defining information security objectives, and provide strategic and visionary planning, risk management, resource allocation, monitoring of the information security landscape, and evaluation of the status and success of projects.

  • Reports significant security events to the Board of Directors, Technology Committee, Chief Technology Officer, Executive Management, government agencies and law enforcement, as appropriate, and works with the Bank Secrecy Act Officer and Bank Security Officer in completing and filing Suspicious Activity Reports (SARs) if warranted.

  • Responsible for enterprise-wide Business Continuity Planning (BCP), including the establishment and validation of policies and procedures to restore business critical services of the Bank in the event of a disaster or event. Ensures that each department or division has an up-to-date appropriate plan.

  • Develops, implements, and monitors information security policies and controls to ensure data integrity, security, systems performance, and legal and regulatory compliance. Must ensure compliance with internal and external audit requirements. Must maintain advanced knowledge of cyber security issues, requirements, laws, and trends.

COMMITTEES

  • Management Team

  • Technology Committee

  • Technology Steering Committee

  • TCAB Committee

Qualifications

EXPERIENCE REQUIREMENTS:

  • Work experience must consist of information systems management and GLBA compliance experience in the financial services industry.

  • Experience in financial services industry regulatory audits & examinations is preferred.

  • Education experience, through in-house training sessions, formal school, or financial industry related curriculum, should be business or financial industry related.

EDUCATION REQUIREMENTS:

  • Bachelor's degree with related experience and/or training. Master's degree is a plus.

  • Professional security management certification as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials, is preferred.

OTHER REQUIREMENTS (SKILLS, ABILITIES, CHARACTERISTICS):

  • Advanced knowledge of Bank operations, related state and federal laws, rules and regulations and other Bank operational policies and procedures.

  • Mastered experience, knowledge and training in progressively responsible information technology department operations, management and supervisory activities.

  • Demonstrates strong business judgment and decision-making skills; ability to identify, prioritize and articulate highest impact initiatives.

  • Excellent interpersonal skills, enabling the individual to successfully motivate and work with a diverse group of people. Enjoys working in a collaborative, team-based environment.

  • Excellent organizational and communication skills. Must be able to explain technical concepts in simple terms to colleagues without a technical background.

  • High level of problem-solving skills enabling individuals to take responsibility and/or risk to resolve situations where the outcome will reflect our commitment to quality and client satisfaction.

  • Effective budget management.

  • The Information Security Officer's success depends on the ability to work with executive leadership, key stakeholders, technical teams, business analysts, consultants, auditors, and vendors to manage projects, find solutions, maximize quality, and ensure security and compliance.

ADDITIONAL INFORMATION

SUPERVISORY RESPONSIBILITY: No

WORKING CONDITIONS: Normal office environment

EOE disability/vet

