- Management Experience
- Microsoft SQL Server
- Project Management
- Microsoft Word
The Information Security Officer position is responsible for managing the information and cyber security function within the IT department of the Bank. This position defines strategy, plans and executes projects, oversees vendors (from an IT perspective), performs hands-on technology work, monitors and analyzes operational results of the technology environment, and responds to information security incidents.
Accountable for ensuring appropriate controls are in place for the security of information assets. The ISO safeguards information by seeing that security risks are identified, assessed and accurately reported. Additionally, the ISO is charged with ensuring procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards. The ISO will work with the respective business units to ensure the bank meets information security regulatory standards and guidance by providing an advisory services role and acting as the focal point for security compliance related activities and responsibilities.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Responsible for the development and implementation of the Bank’s information security program, including the strategy, design and management of the security architecture, engineering and infrastructure (on-premise, vendor).
Responsible for the security operations to ensure threats, vulnerabilities, events and controls are being effectively managed.
Design and build an Incident Response Team (IRT) and response process for the Bank.
Lead the IRT for information security incidents.
Monitor the department's responsiveness to requests, problems and disasters and ensure that IT processes are followed.
Perform assessments of third-party (3rd party) vendors' SSAE/SOC reports to ensure adequacy of controls.
Perform annual enterprise info-security risk assessments and reports.
Provide subject matter expertise for network security topics related to network, server and client technology architectures such as intrusion detection and prevention, antivirus and APT, data loss prevention, firewall, Internet proxy, VPN, etc.
Develop documentation to support ongoing security systems operations, maintenance and specific problem resolution.
Evaluate and recommend new security technologies and countermeasures against threats.
Oversee the management of information security technologies that are the responsibility of the bank.
Develop and manage the Information Security awareness program.
Conduct information security risk assessments for presentation to internal committees and senior executives.
Policy and Project Management:
Coordinate users, Bank IT resources, and service provider staff to implement solutions that will meet or exceed customer, management and regulator expectations
Manage and own project delivery within budget, scope, quality and time requirements
Identify and manage risk and issues throughout the project
Monitor project progress, ensure deliverables are met, and communicate status to sponsors throughout the project
Create appropriate documentation for projects, including task plans, resource plans, status reports, risk logs, etc.
Develop implementation test plans and assist implementation vendors with information security applications, hardware and systems testing as needed
Facilitate integration among different technical teams for planning and executing projects
Develop and implement Bank Information Security policies
Apply corporate policies to information security practices
Lead the remediation of vulnerability assessments related to technology infrastructure
Lead the development and implementation of Information Security controls and standards
Expert knowledge of Active Directory Services and Windows Server OS and SQL Server.
Expert knowledge of DNS, DHCP, SMTP, SNMP, TCP/IP, UDP.
Familiar with common security tools (Firewalls, Network Access Control, Endpoints, etc).
Familiar with penetration testing concepts.
Familiar with vulnerability management and SIEM tools.
Experience with creating technical documentation.
Proficient in Microsoft applications (Excel, Word, Project).
Familiar with a variety of the field’s concepts, practices and procedures.
Good understanding of PCI standards.
Expert project management skills.
Excellent oral and written communication skills; ability to develop polished communications for the entire bank, senior management and IT staff.
Ability to define complex problems and propose solutions.
Ability to effectively coach employees and lead and direct the work of others.
Ability to establish and maintain effective work relationships both internally and externally with employees and senior executives.
Bachelor’s degree in Computer Science, Information Technology specialty, or related field.
Minimum 5+ years information security management experience.
5+ years of department management experience.
Experience implementing IT and security infrastructure for cloud environments (e.g., Azure).
Banking experience preferable.
Banking/FFIEC regulatory experience preferred.
Information Security industry certifications a plus.
CISM or CISSP certification preferable.