Salary Grade: 15

Exempt

JOB TITLE:  Information Security Officer * In-Person Position * 

REPORT TO:  SVP, CFO & Treasurer 

DEPARTMENT:  Information Security 

Position Summary:  This position is responsible for implementing, monitoring and reporting on the Information Security Program. The ISO provides training and enforcement in the area of corporate information security policies, standards, and procedures including regulatory requirements. The ISO assists department managers with risk assessments on systems & applications and products & services. The ISO must have particular expertise in multiple technology environments, risk assessments and regulatory requirements. The ISO serves as the principal communication link concerning information security between the departments, senior management and the Board. 

Functions:  

• Oversee the Information Security Program and Testing Plan.
• Communicate the Information Security Reporting to the Technology Committee and the Board of Directors.
• Maintain up to date knowledge of industry trends, current threats, and new vulnerabilities in information security and recommend appropriate solutions to manage risks.
• Develop and write new and revised policies and procedures where needed to comply with regulatory requirements and industry best practices.
• Oversee processes and systems to monitor threats to network security, may include intrusion detection, vulnerability assessment and remediation, firewall auditing and testing.
• Responsible for the Vendor Oversight Program and establishing the initial and on-going vendor requirements for evaluation based upon assessing the risk of the individual vendor.
• Responsible for coordinating the regular internal Penetration and Vulnerability testing.
• Assist departments in scheduling and completing Risk Assessments for products & services and systems & applications.
• Continually evaluate the Risk Assessment process to insure its effectiveness, appropriateness and relevance to particular product, system or service.
• Determine the potential long-term outcomes of a change in operations driven by technology.
• Provide oversight of the Identity Theft Prevention Program including establishing the red flags, maintaining the database and participation in information security walk-through testing.
• Lead information technology security projects.
• Provide oversight of departmental vendor choice and on-going risk assessment monitoring.
• Provide support for the Business Resumption Plan testing and updating.
• Responsible for the electronic and physical record retention and disposal program.
• Responsible for leading the bank’s Incident Response Plan, the bank’s Disaster Recovery Plan and the bank’s Pandemic Response Plan.
• Directly supervise the Data Management Specialist.
• Identify and assess information security training needs for bank-wide employees and the Board of Directors. 

Active participant in committees, including but not limited to:

• Technology Committee
• Management Committee
• Cybersecurity Workgroup
• Compliance Committee
• Business Resumption Team – Team Leader
• Incident Response Team – Team Leader
• Pandemic Planning Committee – Team Leader 

Knowledge, Skills, Requirements:

• Associates degree in a computer related or audit related field, along with five years relevant work experience.
• Independently monitor and manage projects.
• Schedule and prioritize own work assignments to meet expected timeframes.
• Compile and prepare technical, statistical and/or analytical reports and presentations.
• Analyze complex issues and develop/implement resolution alternatives.
• Have sufficient understanding of technology to assess risk and recommend systemic solutions to information security problems.
• Communicate effectively orally and in writing to all Bank constituents.
• Establish and maintain effective working relationships. 

Physical Demands and Condition Requirements: 

• General office environment. 

Equipment Used: 

• General office equipment, i.e., calculator, photocopier, etc.
• Computer, printer, scanner. 

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.