The Information Security Officer (ISO) is accountable for ensuring appropriate controls are in place for the security of information assets. The ISO safeguards information by seeing that security risks are identified, assessed and accurately reported. Additionally, the ISO is charged with ensuring local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards. The ISO is the center of competence for Information Security, providing an advisory services role and acting as the focal point for security compliance-related activities and responsibilities, including social media.
Essential Duties & Responsibilities
To perform this position successfully, an individual must be able to perform each essential duty and responsibility satisfactorily.
- Diligently maintain the Bank's Information Security Framework and underlying policies, procedures, standards and guidelines.
- Take the lead on developing, maintaining and updating the Information Security Strategy and Information Security Program.
- Actively ensure appropriate administrative, physical and technical safeguards are in place to protect the Bank's information assets from internal and external threats.
- Meticulously identify, introduce and implement appropriate procedures, including checks and balances, to test these safeguards on a regular basis.
- Thoroughly conduct and complete annual reviews and audits as required, engaging both internal business partners across the organization and external resources.
- Make it a priority to see that disaster recovery and emergency operating procedures are in place and tested on a regular basis.
- Act as the committed owner of the security incident and vulnerability management processes from design to implementation and beyond.
- Passionately manage and assist in performing on-going security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis, conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements, evaluating and recommending new information security technologies and counter-measures against threats to information or privacy, and developing security reports and dashboards.
- Ensure effective staff training programs are in place to increase security awareness across the Bank.
- Maintain and encourage open and honest business relationships within the team, throughout the organization and with vendors.
- Present at least annually the IT and cyber security risk assessments to the Board. In addition, you will present the same information at least quarterly to the Executive Management Team.
- Collaborate with your peers and stakeholders to add to the collective innovative thinking that can drive new business ideas.
- Utilize Lean methodology to streamline work processes and realize cost and resource efficiencies.
- Perform other duties as assigned by management.
- This position may supervise other employees within the assigned department.
The requirements listed below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Demonstrate an in-depth knowledge of Information Security risk and industry best practices.
- Be aware of and mitigate enterprise risk factors and ensure compliance with applicable regulations, legislation and Forcht Bank's policies and procedures.
- Be quick to respond to requests for service from all of your clients.
- Be flexible and adaptable to changing priorities while keeping your eye on the prize.
- Possess exceptional problem solving and negotiation skills.
- Openly share your knowledge with the team. Have the ability to create and present presentations.
- Working knowledge of Microsoft Office products and bank information systems.
- Ability to exercise judgment and discretion in handling sensitive documents or other confidential information.
- Ability to work with a team and members of other departments of known concepts.
- Ability to effectively communicate both orally and in writing in order to convey information tactfully and effectively to all levels of employees and customers.
- Ability to give full attention to what other people are saying; taking time to understand points being made, asking questions as appropriate, and not interrupting at inappropriate times.
- Knowledge of the structure and content of the English language including the meaning and spelling of words, rules of composition and grammar, including the ability to comprehend written sentences and paragraphs in work-related documents.
- Ability to manage time and be efficient and effective in the completion of assignments.
- Ability to establish productive business interpersonal relationships with others inside and outside the organization and to work with little direct supervision in carrying out the responsibilities assigned.
- Ability to work well under pressure.
- Ability to embrace and support the Bank’s management philosophy.
- Ability to effectively manage time and multiple projects with minimum supervision.
Physical Demands and Abilities
The physical demands and work environment characteristics described herein are representative of those that must be met by an employee to successfully perform the essential duties of this job. Reasonable accommodation will be made to enable individuals with disabilities to perform the essential functions.
- Ability to listen to and understand information and ideas presented through spoken words and sentences.
- Ability to communicate information and ideas in speaking and writing so others will be able to understand.
- Ability to identify and understand the speech of another person.
- Ability to see details at close range (within a few feet of the observer).
- Ability to tell when something is wrong or is likely to go wrong and generate appropriate solutions or responses.
- Ability to analyze a situation and select the appropriate course of action on matters involving significant risks or consequences.
- Ability to sit for long periods of time.
- Ability to demonstrate manual dexterity through use of typing on a keyboard, sorting through paperwork, reaching and grabbing objects.
- Ability to stand, bend, and lift up to 10 pounds.
- Ability to operate standard business equipment such as a fax, computer, printer, copier, etc.
- Ability to look at a computer screen for several hours.
- Be willing to work flexible hours, including evenings and weekends, as the job demands and travel as required.
Required Education and Experience
- Bachelor’s Degree in the field of computer science and/or information security.
- 3 years’ security-related work experience, preferably with a financial institution.
- Prefer recognized industry certification such as CISSP, CISSLP, GIAC or other security certification at a similar level.
- May be required to attend activities outside the bank to stay abreast of new developments, best practices, and statutory and regulatory changes.
- Pursuant to the Drug Free Workplace Act of 1988, all employees must remain drug free and alcohol free when reporting to work and while engaged in any work-related activities.
- Must adhere to all Bank Secrecy Act regulations and requirements.
This document and the statements contained within it are intended to describe the general nature and level of work being performed by the employee assigned to this position. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of the employee.
- Forcht Bank is an Equal Opportunity Employer –