Information Security Officer

Fortis Bank

$100K — $130K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or related field; Master's preferred.
  • 7-10 years of experience in information security, with 3 years in a leadership role in banking or financial services.
  • Proven experience with FDIC examinations for banks with assets in the $1-2 billion range.
  • Expertise in managing audits compliant with GLBA, FFIEC guidelines, and BSA/AML frameworks.
  • Hands-on experience with cybersecurity frameworks like NIST CSF 2.0 and CIS 8.1.
  • Professional certifications such as CISSP, CISM, or CRISC required.
  • Strong knowledge of security technologies including firewalls and intrusion detection systems.

Responsibilities

  • Develop and maintain information security policies aligned with regulatory requirements.
  • Lead risk assessments and coordinate security incident responses.
  • Oversee the design and execution of security controls for IT systems and third-party vendors.
  • Conduct audits and compliance reviews to identify and remediate vulnerabilities.
  • Collaborate with senior leaders to integrate security in business processes.
  • Manage security awareness training for employees on emerging threats.
  • Prepare and present security reports to executive management and the board.
  • Manage the business continuity/disaster recovery program including exercises.
  • Stay updated on evolving cyber threats and regulatory changes.

Benefits

  • Office environment fosters collaboration with daily in-person interactions.
  • Opportunity to work closely with senior leadership.
  • Focus on continuous education regarding cybersecurity threats.
  • Engage in a proactive security culture within a mid-sized bank.
  • Participate in a comprehensive business continuity and disaster recovery program.
Full Job Description
Summary

The ISO will be responsible for protecting the bank's sensitive data, ensuring compliance with regulatory requirements, and mitigating risks in an evolving threat landscape. This role requires a strategic thinker with deep expertise in banking regulations, including mandatory experience in FDIC examinations and audits for mid-sized banks. The ideal candidate will foster a culture of security awareness while implementing robust frameworks to safeguard our operations, customers, and assets.

Responsibilities

  • Develop, implement, and maintain the bank's information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.
  • Lead risk assessments, vulnerability management, and security incident response efforts, including coordination with internal teams and external partners during security incidents.
  • Oversee the design and execution of security controls for IT systems, networks, cloud environments, and third-party vendors.
  • Conduct regular security audits, IT risk assessments, penetration testing, and compliance reviews to identify and remediate potential weaknesses.
  • Collaborate with senior leadership to integrate security into business processes, including new product launches and technology acquisitions.
  • Manage security awareness training programs for employees and ensure ongoing education on emerging threats.
  • Prepare and present reports on security metrics, risks, and compliance status to executive management and the board of directors.
  • Manage the business continuity/disaster recovery program for the Bank, including annual tabletop exercises.
  • Stay abreast of evolving cyber threats, regulatory changes, and technological advancements to proactively enhance the bank's security posture.
  • Coordinate with regulators during examinations and audits, ensuring timely response to findings and implementation of corrective actions.


Minimum Qualifications

  • Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
  • Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
  • Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
  • Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
  • Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent.
  • Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
  • Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
  • Ability to work in a fast-paced environment and manage multiple priorities effectively.
  • Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
  • Strong written and verbal communication skills.
  • Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
  • Strong written and verbal communication skills
  • A positive and collaborative approach with both peers and management
  • Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm


ADDITIONAL INFORMATION

Reporting Structure: Reports to the SVP, Chief Information Officer

Office Requirements: This position is required to be in the office 5 days per week. The position is open in the Denver and Salt Lake City Markets.

Similar Jobs

More Jobs at Fortis Bank

More Finance & Insurance Jobs

Find similar Information Security Officer jobs: