The Information Security Risk Manager (“ISRM”) is primarily responsible for assisting the Chief Information Security Officer (“CISO”) in the development, maintenance and monitoring of Dime’s Cybersecurity and Information Security Programs, which will be designed to protect the confidentiality, integrity, and availability of Dime’s information systems. In fulfilling this responsibility, the ISRM will serve as a technical expert in information security policy issues for Dime, and work with Dime’s CISO and Chief Risk Officer (“CRO”) to develop, implement and maintain an effective cybersecurity risk framework.
Overall, the Information Security Risk Manager’s job is to work with Dime’s IT, Internal Audit, Risk Management and various business units to plan, coordinate and develop recommendations for all aspects of information security policies and procedures for Dime in order to:
- Ensure that the procedures and rules of use for information systems comply with Dime’s information security policies.
- Ensure that the administrative procedures for information systems comply with Dime’s information systems security policies.
- Ensure that appropriate vulnerability (risk) assessments are performed to evaluate the effectiveness of existing controls, including periodic penetration testing of critical information systems.
- Ensure that services provided by other enterprises (vendors), including outsourced providers, are consistent with established information security policies, including periodic oversight.
- Manage entitlement reviews of critical systems to protect Dime’s information assets from internal and external threats.
- Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
- Ensure that compliance issues and other variances are resolved in a timely manner.
- Ensure the development and delivery of activities and programs that can positively influence Dime’s information security culture and the related behavior of its staff, including information security education and awareness.
- Conduct and report results of the annual information security risk assessment.
- Along with the CISO, serve as a technical expert in information security matters for Dime.
- Assist in the development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate information security risks and related compliance issues.
- Assist in developing and coordinating business contingency plans and incident response plans along with related testing of both on a regular basis.
- Perform periodic reviews to assure that security policies and procedures are being complied with, and develop recommendations for improvements.
- Work with Dime’s business units, vendors, and systems professionals to identify solutions to advance the bank’s information security goals.
- Work with the CISO to build a strong third-party service provider program.
- Bachelor’s degree and minimum three years’ related experience and/or training; or equivalent combination of education and experience
- Knowledge of banking operations, policy and procedure development
- Knowledge of financial services regulatory requirements (FFIEC, GLBA, New York State Cyber Law), and industry standards (NIST, ISO27001)
- Demonstrated understanding of technological trends and developments in the areas of information security and risk management.
- Demonstrated experience in the administration and management of the information security function including FFIEC regulations
- High regard for quality and risk management practices
- Ability to read, interpret and develop documents such as policy and procedure manuals, operating instructions, and training manuals
- Ability to write reports and correspondence for executive presentations
- Proficient in Microsoft Office, banking hardware, software and security programs, financial computer programs and systems, and database management software
- Excellent oral and written communication skills