The Information Security Manager reports to the Chief Information Security Officer (CISO) and works closely with the CISO, the Chief Technology Officer, and other key team members (including Senior Management, IT, and business process owners) to develop business cases for new security projects and to risk-assess both existing and planned information systems. The Information Security Manager provides oversight of the Information Security Program by directing activities related to the administration, compliance, policy development, and enforcement of IT security designs.
- Responsible for adherence to all compliance programs, including but not limited to, completion of all required and assigned training modules by establishing due dates.
- Participates in the development and implementation of the Information Security Program to include appropriate and effective controls to mitigate identified threats and risks to information security;
- Assists with the communication and enforcement of IT security design, policies, procedures, solutions, and standards;
- Provides security training for team members, informs the company of the current Information Security risk environment on a continuous basis, and provides guidance for risk mitigation against potential threats.
- Assists in the oversight of the company’s business continuity planning process (BIA/BCP).
- Initiates, facilitates and promotes activities that foster improved data security awareness and education and serves as an internal information security consultant to business lines company-wide;
- Oversees incident response planning as well as the investigation of security breaches, and assists with reporting and legal matters associated with such breaches as necessary.
- Meets with business process owners to analyze, document and define information security requirements associated with new applications/systems;
- Monitors changes in information security and privacy federal regulations and best practice standards that affect information security related to policies and procedures;
- Assists in the coordination of the Information Security portion of external audits, network scans, and social engineering/penetration tests.
- Assists in enforcing and managing the company’s physical security program, including responding to robbery calls, surveillance systems, and alarms.
- Performs other duties as assigned.
May have supervisory responsibilities.
Knowledge and Skills:
- Knowledge and experience with regulatory bodies including FFIEC, FDIC and banking regulations such as, but not limited to, PCI, GLBA, NIST, and Cybersecurity;
- Completed or in-progress professional certification such as CISSP, CISM, or CISA, or an equivalent recognized industry certification, is preferred.
- In-depth knowledge of, and experience in, information security risk assessment and auditing procedures with a focus on financial institutions;
- Excellent computer skills, excellent interpersonal skills, problem-solving and innovative thinking, ability to critically analyze problems, ability to multitask, attention to detail, ability to learn actively, good communication skills, ability to work in a team environment, and ability to maintain a helpful and positive attitude.
Education and/or Experience:
- Bachelor's degree (B.A.) from a four-year college or university, or an equivalent combination of education and experience, in information systems, computer science, or a related field.
- Minimum of 4-6 years of progressive experience in information security and the banking industry.