Corporate Security Officer/IS Officer (closed)
Education/Training: A B.S. or B.A. degree in Information Systems Management or a related field normally required; industry certifications in networking, operating systems, and security preferred.
Skill(s): Proficient reading, writing, grammar, and mathematics skills; proficient computer skills; proficient interpersonal relations and communication skills; proficient knowledge of information technology and security functions including network administration, PC support, voice and data communications, alarms, and camera solutions; ability to lift items weighing fifty (50) lbs. or less; valid driver’s license; visual and auditory skills.
Experience: A minimum of four (4) years' experience in related positions normally required.
Responsible for overseeing and coordinating physical and information security across all divisions and departments; preparing and updating the physical and information security policies; researching and implementing solutions and procedures to ensure that all information systems are secure and safeguarded throughout the and in compliance with privacy and information security regulations and laws; working with Business Unit Managers to define and address the security implications of new business projects; performing at least annual risk assessment reviews for all systems; providing annual reports covering compliance with regulations and FFIEC guidelines to senior management and the Board of Directors; implementing strategies to achieve goals developed for the department as part of the Information Technology Division's annual operating plan; ensuring the department's compliance with operating policies and procedures and outside regulatory requirements; organizing the work, activities, and human resources of the department; communicating with appropriate management and staff personnel; providing periodic reports.
- Oversees and coordinates physical and information security across all Divisions and departments by performing the following duties:
- Monitors security event logs and reports.
- Works with Business Unit Managers to develop business cases for new security projects and in the risk assessment of existing and planned information systems.
- Updates the Disaster Recovery and Business Continuity Policy, risk assessments, and programs; supports the Network Manager regarding business continuity and disaster recovery efforts for voice and data networks.
- Participates in the development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
- Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
- Stays abreast of the latest industry security practices and technologies.
- Updates the Information Security Policy, the Gramm-Leach-Bliley Act (GLBA) risk assessment, and the GLBA Customer Information Security Policy.
- Assists the CIO in coordinating the risk assessment process for new systems and technologies; updates the existing system and information technology risk assessments at least on an annual basis.
- Ensures physical protection of, and restricted employee access to, critical servers.
- Ensures that the network perimeter is protected so that access and use are limited to authorized parties.
- Deploys and manages appropriate technologies to restrict employee Internet access to appropriate sites.
- Deploys and manages appropriate technologies to protect employee e-mail and customer information exchanged electronically with third parties.
- Ensures that employee access to application systems containing non-public customer information uses secure authentication.
- Performs industry research to ensure that new threats, risks, and vulnerabilities are addressed.
- Periodically documents and prepares reports on new trends in IT and security risks and on best-practice changes in IT and security controls that could impact the Bank.
- Reports changes in the effectiveness of the deployed IT and security controls to the CIO and the Risk Management Committee.
- Maintains the vendor relationship with the 24x7 perimeter monitoring service providers.
- Ensures that all laptops storing non-public information are properly secured.
- Assists the Training Manager in preparing materials for information security education and awareness programs.
- Works closely with the Marketing Manager to ensure timely posting and updating of security awareness information for customers.
- Posts appropriate security awareness information on the Intranet.
- Implements strategies to achieve goals assigned to the department as established in the Information Technology Division's annual operating plan; assists in the development of the annual Capital Budget for the department and adheres to budget parameters.
- Abides by the current laws and organizational policies and procedures designed and implemented to promote an environment which is free of sexual harassment and other forms of illegal discriminatory behavior in the work place.
- Cooperates with, participates in, and supports adherence to all internal policies, procedures, and practices in support of risk management, overall safety and soundness, and compliance with all regulatory requirements, e.g. Community Reinvestment Act (CRA), Equal Credit Opportunity Act, etc.; ensures that the department and all personnel adhere to the same.
- Specifically demonstrates knowledge of, and complies with, the Bank Secrecy Act (BSA) and all BSA policies/procedures.
- Creates and maintains intranet page(s) to provide and communicate relevant security information.
- Communicates with the CIO/Information Technology/Deposit Operations/Marketing, other department managers, and appropriate staff personnel in order to integrate goals and activities.
- Provides periodic reports to the CIO/Information Technology/Deposit Operations/Marketing and other groups as required throughout the.