The Information Security Officer is responsible to overseeing and reporting on the management and mitigation of information security risks across the Bank and is accountable for the results of this oversight and reporting, and for implementing the Bank's Information Security Program and related information security strategy and objectives, as approved by the Board of Directors. This position will also be responsible for the oversight of Vendor Management.
- Oversee and report on the management and mitigation of information security and vendor risks across the Bank.
- Monitor and address current and emerging risks; advise senior management and the board audit committee of developing and implementing information technology architecture safeguard strategies and controls to mitigate risks and accommodate current and future organizational needs.
- Conduct ongoing information security compliance monitoring activities.
- Report significant security threats to senior management and the board audit committee.
- Independent vendor risk assessment, both initially and ongoing.
- Ensure compliance with regulatory requirements and internal policies for both information security and vendor management.
- Ensure the physical security program is sufficient to mitigate risk.
- Implement the Bank's information security program and related information security strategy and objectives.
- Assist in migrating information assets and environments into compliant, secure systems, if needed.
- Manage security testing platforms including leading forensic investigations and mitigation procedures.
- Review configuration and updates to ensure software and infrastructure are protected.
- Review and assist in writing privacy related policies and procedures.
- Execute security training programs of the Bank.
- Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats including physical security; maintains advanced knowledge and awareness of financial industry technical status and trends.
- Assure audit compliance and procedure quality control through internal and external reviews; recommend and initiate corrective actions; and ensure system resources are in compliance with established bank policies, procedures, and state and federal laws and regulations.
- Participate in major information technology projects for the Bank.
- Assume responsibility for special projects; gather data and prepare reports.
- High Level Architecting and Design of Network (WAN, LAN, DR, Vendor Networks, DMZ, etc.) ensuring high level of up time, redundancy, and reduced cyber security liability/risk.