Information Security Manager
Description

General Responsibilities / Job Summary:

As a key member of the Risk Department, the Information Security Manager (ISM) is responsible for establishing and maintaining the bank’s Information Security Program to ensure information assets and technologies are adequately protected. Tactically, the ISM is responsible for managing the day-to-day activities of the IT Security Team as well as providing technical direction for projects and audits. Strategically, the ISM will collaborate with other organizational leaders and third parties, as appropriate, to promote and advance the institution’s security culture and program implementation. 


Essential Functions/Duties:

  • Embrace Corporate Values: Incorporate LINKBANK’s values of LIVE (Leadership, Integrity, Vision, and Excellence), Integrity, Nurture, and Knowledge into the company culture.
  • Positive Attitude and Learning: The role requires a positive mindset, willingness to learn, and a focus on delivering excellent client service to all LINKBANK members.
  • Manage Risk: Take a practical approach to managing security risks, ensuring security measures align with business objectives.
  • Maintain Security Program Policies: Oversee and update security policies, procedures, and standards related to incident response, business continuity, and disaster recovery, including testing and maintaining playbooks.
  • Oversee IT Security Controls: Assist in the planning and implementation of cybersecurity infrastructure, ensuring security of technologies, services, and vendors to enhance efficiency, service delivery, and security posture.
  • Enforce Security Policies: Lead the establishment, maintenance, and enforcement of security policies and standards within the organization, driving change management and gaining buy-in.
  • Manage Security Incidents: Lead and support the team during security incidents, ensuring effective containment, remediation, and recovery, while conducting post-incident analysis and sharing lessons learned.
  • Identity and Access Management: Oversee the identity and access management program, ensuring timely user provisioning, deprovisioning, and annual reviews.
  • Vulnerability Management: Manage the vulnerability management program, addressing and remediating security vulnerabilities.
  • Data Governance Program: Define and maintain a data governance program to ensure proper data management and protection.
  • Conduct Risk Assessments: Perform risk assessments related to information/cybersecurity and data governance to identify potential security gaps.
  • Monitor Security Technologies: Monitor and analyze outputs from security technologies (e.g., intrusion detection, vulnerability scans) to identify threats and recommend improvements.
  • Information Security Committee: Lead and participate in meetings to review security program metrics, trends, and topics, providing regular updates on the program’s status.
  • Third-Party Risk Management: Assist in assessing third-party entities and solutions to manage third-party risk.
  • Cybersecurity Insurance: Participate in maintaining appropriate cybersecurity insurance, including supporting security assessments with brokers/providers.
  • Security Awareness Program: Enhance and maintain a company-wide security awareness program, including training and report development or delivery.
  • Collaborate with Auditors: Work with auditors and examiners to provide necessary information security artifacts for reviews.
  • Compliance with Regulations: Ensure compliance with relevant banking regulations (e.g., GLBA, BSA, AML, OFAC, PCI).
  • Other Duties: Perform any additional tasks as assigned.


Requirements

Minimum Qualifications:

  • Education/Training: Bachelor’s degree in Computer Science, Cyber Security, or equivalent.  

Knowledge/Skills/Abilities:

  • Knowledge in Information and Cyber Security: In-depth understanding of cybersecurity practices, staying current with IT security threats, vulnerabilities, and their potential impact on the bank's digital and financial assets.
  • Continuing Education: Demonstrated commitment to professional development through ongoing education, such as attending seminars, conferences, or reviewing relevant research.
  • Experience in Information Security Program Oversight: Exposure to managing an Information Security Program, including strategy development, execution, budgeting, and managing contracts or service level agreements (SLAs).
  • Networking and Server Administration Exposure: Familiarity with networking and server administration, contributing to overall IT security management.
  • Judgment and Problem-Solving Skills: Strong decision-making and analytical abilities to address complex security issues effectively.
  • Project Management Skills: Proven ability to manage projects, including overseeing development, maintenance, and support teams.
  • Communication Skills: Strong verbal and written communication abilities for clear and effective interaction across teams.
  • Interpersonal Skills: Well-developed interpersonal skills for working collaboratively and fostering positive relationships.
  • Leadership Ability: Demonstrated capability to lead teams and initiatives, guiding others towards achieving goals.
  • Attendance: Consistent and reliable attendance in the workplace.

Experience: Minimum of five (5) years of experience in the Information Security field. 

  • Required Certification/Licenses: Active cyber-security certification from an accredited organization, such as ISC2, CISA, CompTIA, EC-Council, ISACA, GSEC, etc. Post-hire certifications may be required to gain the knowledge needed to stay current in the field.

Travel Requirements: Ability to travel to all locations in the bank’s footprint and to conferences as needed.


Physical and Mental Job Requirements:

  • Technical and detailed analytical work on the computer. 
  • Must be able to communicate effectively orally and in writing and deliver and receive information clearly, concisely, and accurately. 
  • Must have the visual acuity required to work at a computer terminal. 
  • Must have the ability to perform activities such as preparing and analyzing data and figures, viewing a computer screen, extensive reading, and report preparation.

Working Conditions:

This job operates in a professional office environment. This role routinely uses standard office equipment, such as computers, printers/copiers, phones, and postage meters.