Information Security Officer

Fortis Bank

$100K — $130K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Security or related field; Master's preferred.
  • 7-10 years of information security experience, 3 years in a leadership role in banking or financial services.
  • Proven experience with FDIC examinations for banks with $1-2 billion assets.
  • Expertise in audits related to mid-sized community banks and relevant compliance frameworks.
  • Hands-on experience implementing cybersecurity frameworks like NIST CSF and CIS.
  • Professional certifications such as CISSP, CISM or CRISC.
  • Strong knowledge of security technologies, including firewalls and intrusion detection systems.
  • Excellent communication skills for translating technical information to non-technical audiences.

Responsibilities

  • Develop and maintain information security policies and standards to meet regulations and best practices.
  • Lead risk assessments and incident response efforts with internal and external coordination.
  • Design and execute security controls across IT systems, networks, and third-party vendors.
  • Conduct security audits, IT risk assessments, and compliance reviews to identify weaknesses.
  • Collaborate with leadership to integrate security into business processes, product launches, and technology acquisitions.
  • Manage employee security awareness training programs and ongoing education.
  • Prepare and present security metrics and compliance status reports to executive management.

Benefits

  • Opportunities for professional development and certifications.
  • Collaborative work environment with a focus on security culture.
  • Involvement in strategic decision-making at senior leadership levels.
  • Engagement with current and evolving cybersecurity technologies.
  • Ability to influence and implement significant security frameworks within the organization.
Full Job Description
Summary

The ISO will be responsible for protecting the bank's sensitive data, ensuring compliance with regulatory requirements, and mitigating risks in an evolving threat landscape. This role requires a strategic thinker with deep expertise in banking regulations, including mandatory experience in FDIC examinations and audits for mid-sized banks. The ideal candidate will foster a culture of security awareness while implementing robust frameworks to safeguard our operations, customers, and assets.

Responsibilities

  • Develop, implement, and maintain the bank's information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.
  • Lead risk assessments, vulnerability management, and security incident response efforts, including coordination with internal teams and external partners during security incidents.
  • Oversee the design and execution of security controls for IT systems, networks, cloud environments, and third-party vendors.
  • Conduct regular security audits, IT risk assessments, penetration testing, and compliance reviews to identify and remediate potential weaknesses.
  • Collaborate with senior leadership to integrate security into business processes, including new product launches and technology acquisitions.
  • Manage security awareness training programs for employees and ensure ongoing education on emerging threats.
  • Prepare and present reports on security metrics, risks, and compliance status to executive management and the board of directors.
  • Manage the business continuity/disaster recovery program for the Bank, including annual tabletop exercises.
  • Stay abreast of evolving cyber threats, regulatory changes, and technological advancements to proactively enhance the bank's security posture.
  • Coordinate with regulators during examinations and audits, ensuring timely response to findings and implementation of corrective actions.


Minimum Qualifications

  • Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
  • Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
  • Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
  • Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
  • Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent.
  • Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
  • Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
  • Ability to work in a fast-paced environment and manage multiple priorities effectively.
  • Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
  • Strong written and verbal communication skills.
  • Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
  • Strong written and verbal communication skills
  • A positive and collaborative approach with both peers and management
  • Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm


ADDITIONAL INFORMATION

Reporting Structure: Reports to the SVP, Chief Information Officer

Office Requirements: This position is required to be in the office 5 days per week. The position is open in the Denver and Salt Lake City Markets.

Similar Jobs

More Jobs at Fortis Bank

More Finance & Insurance Jobs

Find similar Information Security Officer jobs: