Heartland Financial USA, Inc. is a growing, dynamic organization with many locations offering uniquely different banking and financial solutions for businesses and personal clients. As a performance-driven company, we strive to create a culture of excellence with high standards and high values while providing outstanding growth and involvement opportunities for employees. Join a team that makes "Great Things Happen!"™
Under the direction of the Information Security Office, the Information Security Analyst is responsible for management and execution of day-to-day security tasks and projects to ensure compliance with the organization’s information security standards, requirements, and risk posture. Ensures the performance of all duties in accordance with the company’s policies and procedures and all U.S. state and federal laws and regulations wherein the company operates.
1. Acts as Information Security/IT risk representative on projects, as suitable, to ensure that security strategy, risk, and regulatory requirements are being addressed in the appropriate stage of the effort.
2. Ensure Information Security policies, procedures, and forms exist and are up to date and appropriate, adjusting to changes in HTLF risks, technology, goals, as well as regulatory requirements and best practices.
3. Performs 3rd party vendor due diligence activities around IT risk and Information Security, including but not limited to:
a. Risk and control analysis
b. Partnering w/BCP coordinator to incorporate the business resiliency review into the risk and controls overview
c. Ensuring that new vendors/services with BCP/BIA impact are communicated and incorporated into recurring review activities
d. Ensuring that ongoing vendor due diligence is completed for existing vendors
4. Acts as day-to-day liaison for member bank information security, audit, and IT risk activities, including but not limited to:
a. Coordinating and reviewing information security program components to ensure that they are done completely, identify any areas that need to be escalated, and clarifying items for member bank representatives
b. Create and administer quarterly schedule of program tasks to facilitate timely detection of issues and yearly required tasks
c. Facilitate examination prep, aid with exam questions as applicable, evidence collection as applicable, exit meetings, and finding follow up
5. Coordinates internal and external IT/Information Security audit and examinations, ensuring that the appropriate evidence is gathered, coordinating the resolution of questions, and facilitating post-audit IT/IS administrative activity (e.g. departmental discussions around root cause, coordinating management responses, etc.)
6. Facilitate HTLF risk assessment process; including identifying and creating appropriate risk assessments, ensuring risk documentation is updated and creating required reports. Participate in or facilitate ad hoc risk assessments as suitable.
7. Participates in ongoing assessment, remediation, and reporting of cyber risks.
8. Participate in the design of, and lead execution of, internal compliance monitoring for high risk Information Security/IT risk controls
9. Participates in BCP/Incident response teams and exercises
10. Completes annual E-Learning Plan and Bank Secrecy Act (BSA) training as assigned and keeps up-to-date knowledge of BSA as it relates to the job function.
11. Performs other duties as assigned.
REQUIRED SKILLS & EXPERIENCE:
1. Bachelor’s Degree in Business Administration, Information Technology or equivalent work experience required
2. 3-5 Years work related experience in the information security field
3. Demonstrates knowledge of/experience with information security regulatory requirements and frameworks (e.g. GLBA, PCI, ISO 27001, NIST 800-53, etc.)
4. Experience implementing and managing program components and projects to achieve information security objectives
5. Critical thinking skills, the ability to exercise independent judgment
6. Strong analytical, organizational, and decision making skills
7. Strong verbal/written communications
8. Must be able to effectively and efficiently interface and coordinate work with business partners in remote locations
9. Strong administrative skills, with effectiveness in developing tasks and managing resources to achieve target dates