SVP, Information Security Officer
Santa Rosa, CA Information Security
Job Type
Full-time
Description


The Information Security Officer is a management position responsible for overseeing the security of the Bank’s information systems, primarily as it relates to cybersecurity risks, including oversight of related services provided by the Bank’s third-party IT Managed Service Provider (MSP). The ISO will monitor the risks and controls related to the Bank’s IT environment and, with the assistance of the MSP, safeguard information by ensuring that security risks are identified, assessed, mitigated and accurately reported. The ISO is responsible for developing information security initiatives to accommodate current and future organizational needs, including budget and strategy preparation, and presentation of matters to executive management and/or the IT Committee.


The ISO must lead with a focused vision and a commitment to open communication, providing and receiving constructive feedback, inspiring professional growth, and motivating through trustworthy and positive relationships to ensure a productive workplace environment.


Ensures compliance with all Bank policies and procedures, as well as all applicable state and federal banking regulations.



Essential Duties and Responsibilities include the following. Other duties may be assigned.

  • Actively manages MSP relationship through consistent communication, follow up and escalation, including ensuring adherence to Service Level Agreements
  • Works closely with MSP to actively ensure appropriate cyber security, administrative, physical and technical safeguards are in place to protect the Bank’s information assets from internal and external threats
  • Develops and maintains an information security control framework in accordance with applicable security regulations, guidance, policies and standards (e.g., GLBA, FFIEC IT Examination Handbook, FDICIA, NIST, and other industry-relevant security standards)
  • Consults with senior management and IT Committee to analyze computer system needs for management information and functional operations, to determine scope and priorities of projects, and to discuss system capacity and equipment acquisitions
  • Recommends and develops plans for systems development and operations, hardware and software purchases, budget, and staffing
  • Regularly reviews the Bank’s service and security metrics and takes action as needed
  • In partnership with the MSP and the Bank’s in-house IT personnel, manages projects pertaining to the implementation, installation, and operation of information and functional systems for the organization
  • Develops, implements, and monitors management information systems policies and controls to ensure data accuracy and security, as well as legal and regulatory compliance, and compliance with Bank policies and procedures
  • Consults with auditors and examiners and ensures completion of remediation of relevant audit findings
  • Partners with the Information Technology Officer by providing system application and technical expertise to facilitate the development of goals, policies, standards, and procedures
  • Oversees the development and implementation of methods and tools to benchmark, analyze, standardize, simplify, automate, report on and continuously improve IT systems and processes to optimize levels of service and control costs
  • Evaluates vendor proposals for purchases of technology solutions and services to assure adherence to technical specifications and business needs
  • Develops, maintains, and tests disaster recovery plans for all systems
  • Acts as the committed owner of the security incident and vulnerability management processes, including the Incident Response Plan and Business Continuity Plan, in collaboration with the Bank’s Information Technology Officer and MSP
  • Reports relevant information security and service metrics to the Bank’s IT Committee on a quarterly basis, or more frequently as necessary
  • Responsible for maintenance of Information Security Policy and security awareness training for Bank personnel
  • Serves as the Bank’s Privacy Officer
  • Maintains GLBA Risk Assessment, Cyber Security Risk Assessment and other relevant risk assessments, often with the assistance of MSP
  • Assures compliance with all Bank policies and procedures, as well as all applicable state and federal banking regulations
  • Serves as a member of the Bank’s IT Committee; makes presentations and facilitates discussions at IT Committee meetings. Develops information security policies, budgets and strategic plans to be presented to IT Committee and/or the Board of Directors for approval


Supervisory Responsibilities:

  • The SVP, Information Security Officer directly manages the Information Security Team.
  • Responsible for overseeing the information security services provided by the MSP and holding the MSP accountable to its service commitments to the Bank.


Qualifications:

  • Minimum of 10 years of relevant experience, including in a third-party IT managed service provider environment
  • Bachelor’s degree or work experience equivalent with sufficient background in information security and business management disciplines
  • Must possess relevant professional certification(s), such as CISSP, CISSO, CISA and/or CISM
  • Experience managing projects or programs to achieve information security objectives
  • Understanding of current technology and regulatory trends affecting financial institution information security programs
  • Demonstrated ability to analyze security and technology control effectiveness
  • Ability to evaluate, analyze, and synthesize information to make decisions
  • Ability to interact with a wide range of internal staff members and external professionals, including regulators, consultants, auditors, legal counsel and others
  • Strong understanding of computer systems, networks, security, telecommunications, databases, and storage systems
  • Ability to successfully participate in and lead the execution of complex, enterprise-level projects with different teams with diverse personalities
  • Skilled at working both solo on projects and closely and collaboratively with team members, sharing responsibilities
  • Effective analytical skills with an ability to identify issues and resolve, or identify the resources to assist in resolution
  • Able to address issues quickly. Comfortable taking on multiple, concurrent projects and working under tight deadlines to address critical issues
  • Strong organizational planning skills and understanding of project management concepts
  • Tolerant of ambiguity and the flexibility to work well in a dynamic environment with evolving priorities
  • Strong professional and technical communication skills (both written and verbal)
  • Expertise in deploying and supporting SaaS applications, especially with SAML/SSO products like Okta
  • Knowledge of administration of mobile computing products using enterprise management tools
  • Able to troubleshoot difficult and complex problems with applications
  • Comfortable and confident in speaking openly, whether with team members or executives, always leading with a positive, service-oriented attitude
  • Flexible and innovative team player with a roll-up-the-sleeves attitude and a hands-on approach
  • Ability to manage time effectively and be focused on setting and executing clear objectives and priorities
  • Commitment to excellence and high standards
  • Ability to demonstrate excellent customer service and interpersonal skills
  • Excellent communication, explanatory, writing and relationship-building skills, with an ability to prioritize, negotiate, and work with a variety of internal and external stakeholders
  • Willing to work flexible hours including evenings and weekends as the job demands and travel as required


Physical/Mental Demands & Work Environment:

The incumbent, in the course of performing this position, frequently spends time writing, typing, speaking, listening, operating basic business equipment, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, walking, standing, reading documents or instruments, performing detailed work, problem solving, client contact, reasoning, math, language, presentations, verbal and written communication, and analytical reasoning, under stress, multiple concurrent tasks, and constant interruptions. The incumbent for this position will occasionally lift between 5 and 25 pounds, pull, squat, kneel and reach. The incumbent is in a non-confined office-type setting in which he or she is free to move about at will. The work environment is typically quiet to a moderate noise level.


Travel is required. It is primarily local during the business day, and occasionally there will be out-of-area and overnight travel.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Management reserves the right to change this position description at any time.



Requirements

See qualifications above.


Poppy Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.


For San Francisco Postings, review Fair Chance Ordinance.


Poppy Bank Notice to Applicants CCPA & CPRA


Salary Description
$160,000-$200,000 DOE