SUMMARY: The Information Security Officer (ISO) is responsible for the implementation, ongoing iteration and management of the Bank's Information Security Program to ensure that information assets, network infrastructure, and technologies are safeguarded against both internal and external cyber threats. The ISO proactively identifies potential vulnerabilities, implements protective measures, and remains knowledgeable about evolving cyber threats and online banking fraud, ensuring the security and compliance of the Bank's operations. As a key member of the Enterprise Risk Management Team, the ISO will partner with the Chief Credit Officer/Chief Risk Officer and leaders across the Bank to ensure that our security program evolves with best practices and beyond.
PRIMARY RESPONSIBILITIES
• Develops and implements security policies and procedures, including user log-on protocols, security breach escalation, auditing practices, and encryption policies.
• Identifies and assesses security risks within the Bank's network infrastructure, systems, and facilities, and designs solutions to remediate those risks.
• Leads cybersecurity initiatives, leveraging advanced threat intelligence, analytics, and automated responses to strengthen security measures.
• Ensures effective use of security tools and technologies to prevent network and system breaches.
• Stays updated on emerging technologies such as artificial intelligence, blockchain, and tokenization, providing recommendations on their secure implementation.
• Monitors and enforces compliance with security policies by administering and reviewing security profiles and addressing violations.
• Maintains knowledge of security threats, vulnerabilities, and best practices through government agencies, security experts, and professional publications.
• Continuously monitors the external threat landscape and advises management on appropriate responses to emerging threats.
• Develops and updates security policies, identifying necessary changes or new policies as required.
• Sets security requirements and ensures compliance for firewalls, intrusion detection systems, antivirus, and data loss prevention systems to safeguard sensitive information.
• Maintains regular communication and a working relationship with the Managing Director IT.
• Collaborates with various internal stakeholders to ensure consistent application of security policies across all technology projects and services.
• Conducts regular reviews of user access certifications to ensure appropriate application entitlements for each user's role.
• Maintains and enhances the enterprise-wide information security policy and IT risk management program.
• Creates conduits for collection of measurable ERM data from various systems.
• Provides regular reports and security briefings to management, including risk assessments and updates on security activities.
• Presents updates to the Board of Directors quarterly on initiatives and findings.
• Evaluates and recommends new security products, services, and processes to continuously improve the Bank's security program.
• Ensures third-party service providers and mission-critical systems adhere to robust information security controls and incident response plans.
• Acts as a liaison with the Bank's managed security service provider, overseeing alerts, updates, and necessary communications.
• Responds to security alerts, including identifying risks, affected devices, and coordinating remediation efforts.
• Guides audit, assessment, and penetration test responses to ensure compliance and drive security improvements.
• Delivers cybersecurity risk training and awareness programs to Bank employees and stakeholders.
• Maintains relationships with external security partners, vendors, and law enforcement agencies, as necessary, to enhance the Bank's security posture.
• Recognizes red flags, scams, fraud, phishing, etc.
• Stays current on applicable banking regulations and security procedures and practices to prevent fraud or other bank losses and to comply with regulatory requirements.
• Performs responsibilities during Bank hours by being physically present at the Bank an average of 40 hours each week based on banking needs.
• Travels between branches as needed.
• Performs other responsibilities as assigned by management.
QUALIFICATIONS
• Education: Bachelor's Degree in Information Security, Computer Science, Information Technology, or other related field, or equivalent work experience.
• Experience: 10+ years of combined information security, risk management, and IT experience with a broad range of exposure to systems analysis, application development, infrastructure/network and multi-platform environments required; 5+ years of banking experience preferred.
• Extensive knowledge of information security principles and best practices, as well as familiarity with regulatory compliance protocols.
• Excellent written and verbal communication skills with the ability to convey complex security topics to both technical and non-technical audiences.
• Valid driver's license, proof of insurance, qualifying motor vehicle record report, and reliable transportation.
• High level of professionalism and integrity.
• Flexible, adaptable, and willing to continuously learn.
• Strong analytical and problem-solving abilities.
• Ability to work both independently and as part of a team.
• Exceptional organizational skills, with the ability to prioritize and execute multiple tasks and projects simultaneously.
• Strong work ethic and attention to detail.