Information Security Officer

Position Summary:

This position is responsible for the oversight and implementation of the Bank’s Information Security Program.

Essential Functions:

  1. Responsible and accountable for implementing and monitoring the Bank’s formal Information Security Program including periodic reports on the state of Information Security to the Board of Directors and Senior Management.
  2. Responsible for reviewing and updating the Bank’s Information Security (IT) Risk Assessment.  This includes incorporating new systems/processes into the risk assessment.  Ensures controls assessments are assigned and completed in a timely manner.  
  3. Engages independent third parties to conduct testing of key controls and systems.  Monitors progress on the remediation of findings.  Provides updates to the Information Security Committee, the Audit Committee and the Board of Directors.   
  4. Conducts internal assurance reviews to ensure that policies, procedures and controls are operating effectively.  Provides reports to the Information Security Committee and the Audit Committee.
  5. Monitors cyber security threats and vulnerabilities.  Communicates and discusses relevant information with the Information Technology Department and the Information Security Committee.  
  6. Responsible for maintaining the Bank’s Information Security Incident Response Plan.  Coordinates incident response activities as needed.
  7. Assists management to evaluate the security controls of third party service providers.
  8. Reviews daily reports to provide oversight regarding changes to configurations and/or user changes on the network.  Ensures change management procedures are adhered to.
  9. Responsible for conducting periodic inventories of customer Non-Public Personal Information (NPPI) to ascertain that the customer NPPI is handled and stored properly.  
  10. Works closely with project owners throughout the project to identify potential project risks and threats, including cybersecurity, and validates that testing results are consistent with predefined measurements of success.
  11. Assists in the preparation for external audits, regulatory exams and third-party vulnerability assessments and penetration testing.
  12. Assists with Information Security training to support employee and customer awareness. 
  13. Chairs the Bank’s Information Security Committee.  Serves as a member of the Risk Management and Technology Steering Committees.  
  14. Provides professional, courteous and efficient service to all internal and external customers.
  15. Attends all required meetings and training.
  16. Performs other miscellaneous duties or special assignments as required or assigned.
  17. Complies with federal and state banking regulations, as well as with all bank and department policies and procedures.

Position Qualifications and Education Requirements:

  • Bachelor of Science Degree preferred.
  • Five to seven years Information Security and IT experience, preferably in a financial institution.
  • Proficiency in understanding information systems and risk management theory, standards, procedures, and techniques.
  • Good interpersonal skills with the ability to maintain satisfactory relationships with all employees.
  • A solid knowledge of banking regulations.
  • Proven ability to deliver quality work during times of increased volumes.
  • Excellent customer service skills.
  • Ability to adapt to changes in priorities quickly.
  • Interacts harmoniously, professionally, cordially and effectively with others, focusing upon the attainment of bank goals and objectives through a commitment to teamwork.
  • Strong written and verbal communication, interpersonal, time management and organizational skills.
  • Operational competency using Microsoft Office suite; Proficient in Outlook, Word and Excel and other Windows based applications; comfortable learning new software.
  • Strong attention to detail.
  • Commitment to ongoing learning.
  • Ability to work independently and as a team player.
  • Ability to read/see documents and computer screens, to communicate in person and via the telephone and to operate a computer and other office equipment.
  • Is dependable and conforms to punctuality and attendance standards.

Working Conditions:

  • Physical surroundings are generally pleasant and comfortable with protection from weather conditions but not necessarily from temperature changes.
  • May sit or stand with freedom of movement on a regular basis.
  • Extensive operation of computers and other office equipment requiring dexterity and coordination and frequent use of hands.
  • Able to travel to all bank locations.
  • Ability to lift items weighing approximately thirty-five pounds.

Those holding this position must be capable of performing all duties and responsibilities, either unaided or with the assistance of a reasonable accommodation, as determined by management.

The Bank has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the bank reserves the right to change this job description and/or assign tasks for the employee to perform, as the Bank may deem appropriate.