The Chief Information Security Officer ('CISO') is an experienced, engaging, and visionary leader responsible for the Bank's security program, including but not limited to: daily operations of the IT security program; oversight of the annual and ongoing risk assessment process; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity, and availability of electronic protected information; monitoring program compliance; and investigating and tracking incidents and breaches in compliance with federal and state laws.
- Builds a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes enabling consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within the Bank. Ensures information security policies, standards, and procedures are up to date and consistent with perceived threats to data in all forms.
- Facilitates risk assessments related to information security and risk management with business units.
- Initiates, facilitates, and promotes activities to foster information security awareness within the Bank.
- Creates a culture of cyber security within IT and drives the corresponding behavioral changes across the business.
- Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
- Manages security incidents and events involving electronic protected information.
- Ensures that the disaster recovery, business continuity, risk management and access controls needs of the Bank are addressed.
- Ensures the Bank complies with the administrative, technical, and physical safeguards.
- Collaborates with Senior Management to establish governance for the security program.
- Serves in a leadership role for security compliance.
- Works closely with Compliance to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and acts as a liaison to the information systems and compliance departments.
- Is responsible for initial and periodic information security risk assessment/analysis, mitigation and remediation. Is also responsible for development and implementation of security risk management plan.
- Ensures the Bank has audit controls to monitor activity on electronic systems that contain protected information.
- Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits, and printing.
- Ensures the Bank has and maintains appropriate system use and disclosure/confidentiality statements.
- Oversees, develops and/or delivers initial and ongoing security training to the workforce. Initiates, facilitates, and promotes activities to foster information security awareness within the Bank and related entities.
- Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach.
- Maintains current knowledge of applicable federal and state security laws, licensing, and certification requirements and accreditation standards.
- Serves as information security consultant to all departments for all data security related issues.
- Assists with overall technology planning.
- Bachelor's degree in Information Systems, Computer Science, or a related discipline preferred.
- Certified Chief Information Security Officer (CCISO) and Certified Information Systems Security Professional (CISSP) required.
- Information Systems Security Engineering Professional (ISSEP), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA) a plus.
- 10 to 15 years of information systems experience, including network experience, preferably in a U.S. bank of $15 billion or greater in asset size.
- Knowledge of and experience with state and federal information security laws.
- Demonstrated organization, facilitation, written and oral communication, and presentation skills.
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
- Demonstrated skills in verbal communication and listening, writing, and providing excellent service to customers.
- A high level of integrity and trust.
- Proven ability to initiate and manage projects that will affect other departments and functions, as well as the corporate environment.