Our Enterprise Risk Management team is looking for a Chief Information Security Officer (CISO). You will be our second line of defense for the areas of responsibility, including maintaining effective risk management policies and practices.  As Chief Information Security Officer you will be responsible and accountable for monitoring the information security program, including reporting on the management and mitigation of information security risks across the Company.  Information security management responsibilities are distributed across various lines of business including the information technology (IT) team.  This role currently will serve as a program manager with no direct reports but could grow into a people leader role over time.  We are looking for someone who thinks building programs is an exciting challenge. If that is you, then apply today!

In one year as our Chief Information Security Officer (CISO), you will know you were successful if you...

• Responsible for assessing that the Company’s information security (physical and logical security) policy and strategy, including our Information Security program, governance, standards, and policies are in compliance with GLBA Information Security Act.
• Provide regular reporting, including key performance and risk indicator metrics, on the current status of the information security program to the Chief Risk Officer, senior business leaders, and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcome and maturity of the information security. 
• Develop and maintain working relationships with the IT and vendor management teams to ensure a consultative and collaborative environment, including information and cyber security, understanding of network security and infrastructure vulnerabilities, and establishing appropriate information security standards in contracts to ensure compliance and accountability.  Liaison for the Company’s architecture team to build alignment between the security and enterprise architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
• Understands and interacts with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
• Works effectively with business units to facilitate information security risk assessments, vulnerability assessments and risk management processes and empowers them to own and accept the level of risk, while helping to ensure the risk is within the Company’s risk appetite.  
• Recommend security enhancements and define mitigating controls for core systems and applications to manage and reduce risk effectively and efficiently.
• Maintain the Information Security Incident Response program for responding to security events, incidents, and breaches.  Lead, manage, and contain information security incidents and events to protect the Company and its customers from imminent loss of information; manage the negative effects on the confidentiality, integrity, availability, or value of information; and minimize the disruption or degradation of critical services, identification and tracking of root cause and improvement opportunities, including collaborating with other business units.  
• Consults and coordinates with IT to ensure disaster recovery and business continuity plans are developed reflecting current operations and are periodically tested.
• Advises on employee user privileges to data. 
• Ensuring that the policies, practices, and procedures relating to client access to electronic delivery channels are appropriate, meet regulatory requirements, are consistent with industry best practices, and meet the business needs of the organization.
• Monitor and advise on current trends regarding information security technologies, existing and emerging threats, and related regulatory issues and advises relevant stakeholders on the appropriate courses of action.
• Ensure information security-related awareness training is provided to all employees.

What we are looking for…

• A Bachelor’s Degree in Information Technology, Engineering, or Business (Advanced Degree Preferred).
• 10+ years of related Information/Cybersecurity experience and/or training, including a financial institution or highly regulated industry experience information security experience preferred; knowledge of specialized areas such as audit, risk and compliance, fraud, physical security, and vendor management.
• Certified Information Systems Security Professional (CISSP), Certified in Risk & Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or equivalent professional certification preferred.
• IT systems, application, and design experience preferred.
• A demonstrated knowledge of information security standards (e.g. NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g. PCI, NIST, NSA), and other various security standards and policies.
• Demonstrated experience complying with Data Privacy rules and regulations.

Ranked as the top-performing U.S. public bank by S&P Global Market Intelligence, Merchants Bancorp is a diversified bank holding company headquartered in Carmel, Indiana, operating multiple lines of business, including multifamily housing and healthcare facility financing and servicing, mortgage warehouse financing, retail, and correspondent residential mortgage banking, agricultural lending, and traditional community banking. Merchants Bancorp conducts its business through its direct and indirect subsidiaries, Merchants Bank of Indiana, Merchants Capital Corp., Farmers-Merchants Bank of Illinois, and Merchants Mortgage, a division of Merchants Bank of Indiana. 

Merchants understands the positive impact of making employees feel valued and is proud to once again be recognized by the Indiana Chamber of Commerce’s Best Places to Work Program. This is the seventh year in a row that Merchants was recognized as a Best Places to Work organization.

PM20 #BK