Summary Job Description:
The Information Security Officer (ISO) is responsible for overseeing and reporting on the information security risks and managing those risks through monitoring and maintaining the Information Security Program. Under this program, the ISO will coordinate with Management to ensure that the availability, integrity and confidentiality of customer and business information are maintained in compliance with the Bank’s information security policies.
To ensure appropriate segregation of duties, the ISO will report directly to the Chief Risk Officer but will work closely with various members of the Information Technology (IT) Department including the Chief Technology and Information Officer, the Network and Support Manager, and the Network Engineer. In this role, the ISO will serve as a member of the Information Technology Steering Committee.
Description of Job Duties:
- Coordinate development of the information security strategy and objectives, including strategies to identify, measure, monitor and control current and emerging risks.
- Maintain appropriate policies, standards, and procedures to support the information security program.
- Complete IT risk assessment related documentation consistent with regulatory expectations.
- Participate in assessing the effect of security threats or incidents on the various lines of businesses.
- Engage with Management in the lines of business to understand new initiatives, providing information on the inherent information security risk of these activities, and outlining ways to mitigate the risks.
- Work with Management in the lines of business to understand the flows of information, the risks to that information, and the best ways to protect the information.
- Lead security awareness and training programs.
- Conduct periodic reviews of assigned access and functionalities to various internal applications consistent with appropriate information security standards and practices.
- Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats.
- Report significant security events to the Board, IT Steering Committee, government agencies, and law enforcement, as appropriate.
- Oversee risk mitigation activities that support the information security program.
- Implement a risk acceptance process that identifies the risk and when, how, to what extent, and who in management has accepted the risk associated with identified vulnerabilities.
- Manage and monitor the information security responsibilities of third-party service
- Coordinate the responses to the requests related to various internal audits, network vulnerability assessments and regulatory examinations.
- Bachelor's degree in Information Technology, Cybersecurity or related field.
- At least 7 years of relevant experience in information security and risk management in a financial institution. Experience developing and managing an information security risk management strategy and program.
- Comprehensive knowledge of key information technology controls and risk frameworks applicable to both IT and operational technology (OT) environments.
- Broad working knowledge of compliance and regulatory requirements related to information security, integrity, and privacy.
- Experience providing technical leadership in the areas of information privacy and security.
- Experience in development and adoption of information security policies, procedures, and standards.
- Broad knowledge of information security technologies, current and emerging information security trends, threats, tactics, and cyber defense mechanisms.
- Experience managing information security risk programs including developing and executing information security vulnerability assessments, audits, mitigations, and remediation.
- Expertise partnering, communicating, and collaborating with a diverse audience of stakeholders (i.e., end users, peers, managers, executives, and vendors).
- Excellent analytical and problem-solving skills.
- Ability to develop and maintain effective and cooperative working relationships.
- Ability to change priorities, work under pressure and meet critical deadlines.
- Ability to exercise a high degree of initiative, independence of action, tact and good judgment.
- Ability to make and provide sound recommendations and decisions.
- Reputable industry-related certification such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- Understanding of security architectures and TCP/IP protocols, including installation and configuration requirements for LANs, WANs, VPNs, routers, firewalls, and related network and security devices.
- Knowledge and experience with Windows, Active Directory, Group Policy, DNS, encryption, patch management, anti-virus, and system configuration management.
The physical demands/work environment described here are representative of what must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to stand or sit; use hands/arms/fingers to handle, feel or reach; talk/hear; position self to move; and have visual acuity to determine accuracy, neatness, and thoroughness of the work assigned. The employee may be required to lift and/or move up to 25 pounds. The noise level in the work environment is usually moderate.
PCBB is an equal opportunity employer and will consider qualified applicants for employment without regard to race, color, national origin, ancestry, sex, gender, gender identity, gender expression, religious creed, disability (mental and physical), medical condition, genetic information, age, marital status, sexual orientation, military and veteran status, or any other characteristics protected by federal, state or local law.