What are the responsibilities and job description for the Information Security Officer position at Indigo?
We are recruiting to place an Information Security Officer with a financial institution in College Station, TX. The Information Security Officer will be responsible for planning, implementing, and maintaining information security controls to safeguard the Bank’s corporate, customer, and employee data against intentional or unintentional disclosure, modification, or destruction while ensuring the confidentiality, integrity, and availability of the Bank’s information assets.
Information Security Officer Job Responsibilities
- Oversee the Information Security Program, including policies, procedures and standards while adhering to suitable information security frameworks and relevant best practices
- Maintain effective information security and asset-based risk assessments designed to evaluate inherent risks, controls, and residual risks; ensure appropriate security controls and processes are in place to mitigate residual risks
- Oversee the Information Security Awareness Program, including ongoing development and training
- Maintain the Incident Response Policy and procedures, and co-lead the Bank’s Incident Response Team with the Bank’s Security Officer, including ongoing development, training, and testing
- In conjunction with the IT Director, maintain the Business Continuity Program, including ongoing development, training, and testing
- Analyze current business processes and future projects to determine applicable information security and possible business continuity requirements and provide best practice recommendations
- Maintain the Vendor Management Program, including oversight of the ongoing review of vendors and contracts
- Establish and maintain professional relationships with employees, service providers, industry experts, regulatory agencies, and law enforcement
- Maintain the Identity Theft/Red Flags Program, Corporate Account Takeover (CATO), including ongoing development and training, in conjunction with the Vice President, Deposit Operations Officer
- Monitor and evaluate applicable regulations, industry trends, and best practices; implement changes to policies, procedures, and standards when needed to ensure compliance
- Subscribe to and participate in various information security forums hosted by industry and regulatory agencies, including the Federal Reserve’s Information Security and Cyber Threat Forum and the Massachusetts Bankers Association’s Chief Information Officer (CIO) Sessions
- Discuss and promote various information security topics for various committees
- Report monthly information security summaries and annual program updates to the Board of Directors, including incident response items
- Review security-related controls and systems to ensure compliance with bank policies and procedures; follow up on detected security issues and implement solutions to reduce security risk
- Review security-related controls, logs, and reports on a daily, weekly, and monthly basis, including those for anti-virus, email, firewall, IPS/IDS, operating system, patch, VPN, vulnerability scans, and web traffic; escalate concerns and issues of non-compliance with the Bank’s policies, procedures, and standards for potential risk mitigation or risk acceptance
- Participate in internal and external audits and reviews applicable to information security, including information technology and privacy
- Participate in Community Reinvestment activities; may participate in selected community or civic organizations and target and meet community needs through product development and promotion
- Meet compliance/audit goals and objectives, as well as company strategic goals
- Attend Board meetings, Compliance Committee, Audit Committee, Information Technology Steering Committee, and manager meetings as required
Information Security Officer Education, Experience, and Skills
- Bachelor’s degree in Computer Information Systems, Information Security, or a technology-related field
- Minimum 5 years’ experience in information security or information technology required; banking/financial service experience preferred
- Current Certified Information Systems Security Professional (CISSP) or willingness to obtain certification is required.
- Strong knowledge and experience in information security/asset-based risk assessments, data protection, patch/vulnerability management, architecture hardening and security (e.g., firewalls, virtualization, Windows OS)
- Strong knowledge of regulatory bodies and regulations issued by these bodies, including the Federal Reserve Board, FFIEC, and FinCEN
- Strong knowledge of privacy laws, such as the Gramm-Leach-Bliley Act (GLBA)
- Experience with business continuity planning and/or vendor management is preferred
- Experience with the Microsoft Office Suite
- Exceptional communication skills with the ability to interact with all levels of an organization
- Strong presentation skills; policy writing experience
- Minimal travel may be required for attendance at seminars and/or meetings
- Excellent interpersonal skills
- Ability to adapt to a fast-moving threat landscape, and keep pace with new thinking and technologies
- Efficient multitasking and time management
- Creative thinking skills
Job Type: Full-time
Pay: Up to $100,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance
Schedule:
- Monday to Friday
Supplemental pay types:
- Bonus pay