Information Security Officer

POSITION SUMMARY

As the Information Security Officer (ISO), you will work with our Risk and Technology leaders to define, implement, and maintain secure practices across the Bank ensuring that the Information Security Management Program is aligned with our enterprise risk profile and assets are adequately protected. The ISO will be a strategic partner in building a top-rated security and privacy program-owning initiatives of security governance, risk, security operations, assurance and trust. This role is highly visible in the bank and requires a high level of professionalism and self-awareness. In this role, you are required to be extremely flexible to meet the overall demands of the department and ultimately the bank.

JOB REQUIREMENTS

• High school diploma or equivalent required
• Understanding of firewalls, proxies, SIEM, antivirus, intrusion detection systems and related concepts required
• Bachelor of science in information technology, network security or related field preferred
• Minimum of 3 years’ experience in information security, information technology, network security or related field preferred
• Relevant information security certificates (CISSP, CISA, CISM, etc.) are preferred

COMPETENCIES

• Possess a high degree of attention to detail and analytical abilities
• Possess excellent interpersonal, written and oral communication skills
• Be self-motivated, energetic and outgoing, with ability to interact with all personalities
• Ability to be goal oriented and to develop long range goals
• Possess assessment and plan development skills
• Be self-sufficient with minimal management oversight or supervision
• Ability to have knowledge of and handle confidential company information
• Ability to be well-organized and prioritize duties and projects
• Ability to execute while leading, developing and motivating staff

DUTIES AND RESPONSIBILITIES

• Identify, assess, measure and monitor information security risk by performing independent risk assessments. Includes both in house systems and vendor bases solutions covering information security, business continuity and compliance risk
• Assess the current state of Bank of Tennessee security practices, highlighting areas for immediate improvement and long-term changes
• Develop, implement and monitor a strategic, comprehensive information security risk management program that is informed by industry best practice and aligns with Lead Bank’s risk profile and risk management processes
• Demonstrate a mindset that appropriately balances operational excellence and continuous improvement
• Maintain a strategic roadmap that optimally supports our ongoing needs as we continue to grow and scale
• Generate “security-first” practices, policies and procedures
• Maintain relevant performance metrics associated with security operations
• Assess access control, roles and permissions for critical systems to enforce effective security control objectives
• Work with the security team to perform tests and identify vulnerabilities
• Identify and communicate recommended security and business continuity controls and control deficiencies for business units.  Document and monitor the implementation of controls for technology and business project plans
• Assist with vendor management due diligence and business continuity plans to ensure adequacy and appropriateness of contracts and related security measures
• Identify opportunities for security improvements by assessing current situation through testing, evaluating performance trends, and anticipating requirements
• Maintains technical knowledge and best practices in the information security and business continuity fields
• Act as Chair of the Information Security Committee
• Provide security reports to Audit Risk
• Maintain compliance with all applicable federal and state laws and regulation
• Maintain compliance with regulations and bank policies and procedures, including the Bank Secrecy Act (BSA) and the Office of Foreign Assets Control (OFAC) requirements
• Actively support the ongoing development of a culturally diverse workforce
• Complete other duties as assigned as determined by management to be reasonable and beneficial

PHYSICAL REQUIREMENTS

You will regularly sit stationary at a workstation, constantly operating a computer or other office machinery in order to complete your job functions. You will frequently communicate with other employees through various channels such as talking, listening, and typing. You will stand and walk occasionally. Occasional travel may be required.