The Information Security Officer (ISO) is responsible for overseeing and reporting on the management and mitigation of information security risks across the institution. The position also functions as an enterprise-wide risk manager for the organization.
The ISO is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. The ISO works in conjunction with the Information Technology Department to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.
Implementing the information security strategy and objectives, as approved by the board of directors, including strategies to monitor and address current and emerging risks
Engaging with management in the lines of business to understand new initiatives, providing information on the inherent information security risk of these activities, and outlining ways to mitigate the risks
Working with management in the lines of business to understand the flows of information, the risks to that information, and the best ways to protect the information
Monitoring emerging risks and implementing mitigations
Informing the board, management, and staff of information security and cybersecurity risks and the role of staff in protecting information
Directing employee security awareness and training programs
Participating in industry collaborative efforts to monitor, share, and discuss emerging security threats
Reporting significant security events to the board, steering committee, government agencies, and law enforcement, as appropriate
Creating and implementing a strategy for the deployment of information security technologies
Performing IT security risk assessments and reporting on ways to minimize threats
Monitoring security vulnerabilities and hacking threats in network and host systems
Tracking the latest IT security innovations and keeping abreast of the latest cybersecurity technologies
Ensuring business continuity
Implementing an effective process for the reporting of security incidents
Overseeing the investigation of reported security breaches
Developing strategies to handle security incidents and trigger investigations
*Equal Opportunity Employer Veterans/Disabled*
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. An individual must have the ability to work efficiently in a multi-task, high volume environment. The requirements listed below are representative of the knowledge, skill, and/or ability needed to perform job duties.
Education/Experience: Bachelor’s degree in Computer Science or related technical field; specific knowledge of IT security and financial institution regulations and compliance.
Computer Skills: Advanced knowledge of computer systems and software.
Communication Skills: Ability to communicate verbally and in writing at a senior management level.
Reasoning Skills: Ability to apply reason and critical understanding at a senior management level. Ability to deal with problems involving several concrete variables in a variety of situations.
Personal Appearance: In compliance with Employee Handbook.