Job Title: Information Security Officer
SummaryThe
Information Security Officer (ISO) at German American Bank is responsible for establishing and coordinating information security efforts, privacy efforts and business resumption planning across the company. The role is positioned as a key partner to the Technology Services department - ensuring security and IT activities are completed in a coordinated, prioritized and timely manner. The ISO carries direct leadership responsibility for both the information security and physical security team(s). This role is responsible for ensuring the bank's information security strategy is optimal and includes the appropriate controls for mitigating identified threats and risks. This includes research, development, planning, implementation, communication and enforcement of IT security design, policies, procedures, solutions and standards.
Duties and Responsibilities:- Information Security Program: Develop and maintain the company's information security program, ensuring compliance with all regulatory guidance and information security best practices. This includes policies and procedures aligned with the bank's information security program as well as ownership of the information security risk assessment for the bank.
- Business Continuity & Disaster Recovery: Maintain, coordinate, and support the bank's enterprise-wide disaster recovery and business continuity plan, including periodic testing. Key contributor and leader in any Incident Response Team issue, including documentation of any information security related incident.
- Enterprise Risk Management reporting - establish and monitor KRIs related to information security to align with the bank's ERM framework and risk appetite. Participate and contribute reports, projects and findings at management's Tech Risk Committee quarterly, and present the annual Information Security Program at Board Risk Committee annually.
- Privacy Program: Maintain compliance with applicable privacy laws including GLBA, HIPAA, PCI, etc.
- Threat Monitoring: Proactively monitor, evaluate, and implement best practices related to enterprise information security. Provide internal guidance on emerging threats.
- Daily Security Operations: Ensure completion of daily reviews of security logs and reports; ensure appropriate follow-up action is taken.
- Third-Party Risk: Evaluate effectiveness of information security programs of third-party software, hardware, and service providers.
- User Access Management: Oversee user access provisioning for all company systems.
- Team Leadership: Lead the Information Security and Physical Security Team(s), including recruiting, hiring, training, and performance management.
- IT Partnership: Work closely and collaborate with the Technology Services department to protect information assets through appropriate tools. Coordinate project timelines, resources and outcomes for any new information security initiatives with Technology Services.
- Audit & Examination Response: Respond to relevant audit and examination requests, manage resolutions of any findings.
- Training & Awareness: Oversee the bank's information security training and awareness efforts, ensuring employees receive timely, role-based education on security practices and emerging threats.
Requirements:- To be successful as the Information Security Officer, you'll need:
- 5-10 years information and physical security experience.
- 2-3 years leadership/managerial experience.
- Bachelor's Degree in Information/Cybersecurity, Computer Information Systems, Computer Science, Information Technology Management, Network Management Systems, or related work experience.
- Knowledge and experience with regulatory bodies including FFIEC, FDIC and banking regulations such as, but not limited to PCI, GLBA, NIST and Cybersecurity.
- Certifications in or willing to obtain certification in CISSP, CISM, or CISA or equivalent recognized industry certifications.
- Ability to: communicate effectively (written and verbally), maintain confidentiality, work with speed and accuracy, grasp technical information quickly, and work independently and as a team member.
- Attention to detail and ability to work well in teams and individually.
What we can offer you:- Medical, dental, vision, STD, LTD, Life insurance, etc.
- 25 days paid time off, 11 paid holidays and bereavement leave
- Education Assistance Program
- Paid Parental Bonding Leave
- Wellness benefits
- Life event coverage
- Service awards
- Financial benefits including 401(k) match, stock purchase plan, short-term incentives and long-term equity earning opportunities
- Logo wear discounts
- Free checking account, checks and discounted bank services
This position is available at the following locations:- Operations Center,1311 West 12th Ave, Jasper, IN 47546
- Owensboro Downtown,313 Frederica St, Owensboro, KY 42301
- Evansville Vogel Rd,4424 Vogel Rd, Evansville, IN 47715
