The Information Security Officer is responsible for oversight of the Information Security Department. This position is also responsible for the execution of the Bank’s Information Security Physical Security Data Governance and Business Continuity Programs.
Develop implement and monitor a strategic comprehensive enterprise information security program to ensure the integrity confidentiality and availability of data. Document and maintain a risk assessment framework covering information and physical security data governance and business continuity. Develop and maintain information security policies standards and guidelines.Oversee the approval training and dissemination of security policies standards and guidelines.Develop and oversee effective business continuity and disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure systems are recovered in the event of a security event. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Manage security incidents and events to protect corporate IT assets including intellectual property regulated data and the company's reputation.Partner with the Enterprise Risk Management to define standards and processes and provide subject-matter expertise to oversee vendor information security risk and inform periodic audits of third-party service providers' information security and business continuity controls. Provide regular and consistent reporting on the current status of the information security program to enterprise risk teams senior business leaders and the board of directors as part of the strategic enterprise risk management programProvide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls.Define and facilitate the information security risk assessment process including the reporting and oversight of treatment efforts to address findings. Develop and manage information security budgets and monitor them for variances.
Must have 10+ years’ experience in banking regulatory compliance or similar work experience in compliance or risk management.Must have extensive knowledge of privacy and data protection laws regulations and best practices including GLBA; GRC tools and implementation; data breach handling and cross-border data transfer requirements and industry standards/frameworks (NIST ISO27k COBIT 5 FFIEC).Strong presentation and written communication skills and the ability to analyze and make effective business-centric recommendations to business leaders and senior management.Experienced developing a comprehensive security program including risk assessment framework.Must have security certification CISM CISSP or equivalent.