Information Security Officer

Hanover Bancorp Inc. Mineola, NY 11501

Posted 2 months ago

Description

Mineola, Hauppauge, or New York (Rockefeller Center), NY

ABOUT US:

Hanover Bank, The Bank of YOU - When you love your work and the people you work with, careers are made!

Embracing diversity, valuing inclusion and showing respect are the foundation upon which we build our team. At Hanover Bank, inclusion means respecting personal beliefs and appreciating that we all have perspectives that matter. We are stronger together as we move toward a shared vision of personal and corporate growth.

Whether you are just starting out or a seasoned professional, working for Hanover Bank can launch you on a path to success. With a passion for excellence, we strive to deliver exceptional service to our clients, foster a positive impact in the communities in which we work and live and help our team members achieve their professional goals.

When you work with us you are empowered, engaged and encouraged to collaborate because every voice matters, every person counts!

Job Summary

The Information Security Officer is the senior risk professional responsible for implementing, administering, and monitoring the Bank's Information Security Program. The Information Security Officer is also responsible for the Bank's Data Governance, Business Continuity, and Vendor Management Programs.

Job Duties and Responsibilities

  • Develop and maintain an Information Security Program that conforms to mandates and guidelines set forth in the Gramm-Leach-Bliley Act, Federal Deposit Insurance Corporation Improvement Act (FDICIA), Sarbanes-Oxley, Federal Financial Institutions Examination Council (FFIEC), Fair and Accurate Credit Transactions Act (FACTA), and the Department of Financial Services Cybersecurity Requirements (23 NYCRR 500), including Data Classification, Information Security Asset Risk Assessments, Incident Response, Monitoring, and Testing.

  • Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks.

  • Ensure that the Bank is adequately identifying threats, assessing vulnerabilities, determining risks, implementing control strategies to reduce risk, and monitoring/reviewing effectiveness.

  • Direct the change management process for the information security program and standards, coordinate the integration of changes based on program monitoring, and incorporate Information Technology (IT) and physical security practices into the overall program.

  • Develop effective information security policies and administrative, technical, and physical safeguards and standards, monitor compliance, and ensure policies and standards are implemented and operating effectively.

  • Develop and administer an information security training and awareness program, inclusive of social engineering and phishing, applicable to Bank employees and customers.

  • Keep abreast of and monitor regulations, technology trends, and the threat landscape, and amend the Bank's information security program accordingly.

  • Coordinate Incident Response planning and reporting for information security activities.

  • Develop and administer the Bank's Vendor Management Policy and Program and manage the ongoing operations related to such.

  • Develop and administer the Bank's Business Continuity Plan and Program.

  • Oversee the Bank's annual penetration test as performed by an independent third party.

  • Perform periodic reviews of User Access Rights and Privileges.

  • Periodically report to Executive Management and the Board of Directors on the Bank's information security program.

  • Ensure access to information systems is controlled, both internally and externally, commensurate with the level of potential risk.

  • Recommend and report on appropriate corrections and assess the implementation of such corrections.

  • Evaluate and recommend changes to ensure adequate information security is provided for all information systems and peripherals.

  • Manage the Bank's Data/Records Classification, Retention, and Handling Policy and Procedures.

  • Coordinate with departmental management to ensure the proper classification and destruction of Bank electronic records.

  • Serve as the Chairperson of the Bank's Disaster Recovery Team.

  • Participate as a member of various Bank Committees as the Bank's ranking information security risk leader.

  • Oversee and direct staff.

  • Perform all other duties as assigned.

Education and Experience

  • Bachelor's degree or equivalent experience.

  • Must have 10+ years' experience in banking risk management or similar work experience in risk management.

  • Must have 5+ years' experience in developing/administering a comprehensive information security program including a risk governance framework.

  • Must have security certification CISM, CISSP, or equivalent.

Skills and Abilities

  • Excellent analytical skills.

  • Strong interpersonal skills.

  • Strong oral and written communication skills.

  • Must be able to effectively analyze and articulate risks, including recommendations.

  • Strong knowledge of developing Information Security governance frameworks.

  • Strong knowledge of Vendor Management including Vendor Risk Assessments.

  • Strong knowledge of Business Continuity Planning including Disaster Recovery Testing.

  • Strong knowledge of the following areas: Network Security, Privileged Access Management, Cloud Security, Endpoint Security, Application Security, and SIEM and SOC systems.

OUR BENEFITS:

  • Medical, Dental, and Vision (including HSA, FSA & Commuter Benefits)

  • Company-paid benefits to include life insurance and AD&D plus long-term disability

  • Voluntary Benefits (including additional life insurance and AD&D insurance for yourself, your spouse, and/or your dependent children, Voluntary Short-Term Disability, Pet Insurance, and Legal Services)

  • Supplemental Health Benefits (including Accident Insurance, Hospital Indemnity Insurance, and Cancer Care)

  • Retirement: 401(k) with Company Match

  • Paid Personal Time Off (PTO) & Paid Company Holidays

  • Annual Bonuses

  • Annual Increases

  • Employee Events and Contests

Salary Range: $160,000 - $190,000

Hanover Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, national origin, disability or protected veteran status.

