Information Security Officer (Hybrid or Remote)

1fb.net inc is an internet development company that focuses on developing internet channels, product strategies and robust technologies for delivering the Bank's products and services to its customers. 1fb.net inc is a wholly owned subsidiary of 1st Financial Bank USA.

Title:  Information Security Officer  

Location:  Dakota Dunes, SD (hybrid or remote position for SD)  

Job Overview:   

The Information Security Officer has primary responsibility for oversight of the Bank’s Information Security Program, focusing on operational management, ongoing risk assessments, regulatory compliance, and board-level reporting. This includes chairing the Information Security Committee, providing clear and concise reports to executive leadership, and maintaining a cohesive security posture enterprise wide. While a vCISO service provides strategic design and establishment of the overarching security framework, the Information Security Officer ensures it is effectively implemented and continuously refined to address emerging threats, meet regulatory expectations, and align with the organization’s risk tolerance.

Job Responsibilities:

1.    Oversee the Information Security Program

o    Provide operational oversight for the Bank’s security controls, policies, and procedures.
o    Continuously monitor program effectiveness, identifying gaps or areas for improvement and collaborating with internal teams to address them.

2.    Chair the Information Security Committee

o    Schedule, facilitate, and document all committee meetings, ensuring key stakeholders stay informed about threats, regulatory changes, policy and security initiatives.
o    Track open issues, ensure timely resolution and clear lines of accountability.

3.    Risk Assessment & Management

o    Conduct ongoing risk assessments to identify and evaluate threats, vulnerabilities, and gaps in current controls, coordinate remediation efforts in collaboration with relevant stakeholders.
o    Maintain documentation of mitigation activities, ensuring alignment with the Board of Director’s overall risk appetite.

4.    Board & Executive Reporting

o    Prepare and deliver regular reports to executives and the Board of Directors, highlighting critical risks, security incidents, and progress on key initiatives.
o    Translate technical security findings into actionable insights and recommendations for senior decision-makers.

5.    Policy & Procedure Administration

o    Manage the development, review, and maintenance of the Bank’s information security policies and procedures, ensuring they meet FDIC, FFIEC, GLBA, and other applicable regulatory requirements.
o    Communicate policy updates effectively across departments, ensuring understanding and consistent adoption.

6.    Regulatory Compliance & Audit Coordination

o    Serve as the Bank’s primary liaison for information-security-related audits and examinations.
o    Coordinate the preparation of required documentation and responses, working cross-functionally to address any findings or recommendations issued by regulators or auditors.

7.    Incident Coordination & Response

o    Oversee incident response efforts in collaboration with relevant internal teams; ensure incidents are managed efficiently, escalated as needed, and fully documented.
o    Interface with the vCISO or external forensic/legal experts when complex or high-severity incidents require strategic guidance or specialized support.

8.    Security Awareness & Training

o    Develop, deliver, and continually refine the Bank’s security awareness and training programs, ensuring employees understand their role in protecting data and maintaining compliance.

9.    Third-Party Oversight

o    Manage relationships with external security vendors and managed service providers, ensuring that day-to-day services meet agreed-upon standards and contribute to the Bank’s risk mitigation goals.
o    Review security-related vendor performance and help negotiate relevant contracts, in coordination with the vCISO or other stakeholders as appropriate.

10.    Collaboration with vCISO Service

o    Maintain a close working relationship with the vCISO to align strategic priorities, share risk assessment outcomes, and ensure the Bank’s operational security efforts remain in sync with the broader program design.
o    Provide input and feedback on any recommended framework updates or strategic adjustments.

11.    Other Duties as Assigned

o    Undertake additional responsibilities to bolster the Bank’s security posture and ensure continued alignment with evolving regulatory and industry standards. 

Qualifications:

Education:

•  Bachelor’s degree (or equivalent experience) in Information Security, Computer Science, or a data security discipline. 

Experience:

• Minimum of four years in a regulated financial environment with security and IT responsibilities.
• Demonstrable experience managing an information security program in a banking or financial institution context.
• Familiarity with FDIC, FFIEC, GLBA, and other relevant regulations, as well as a working knowledge of security frameworks (NIST preferred). 

Technical & Regulatory Knowledge

• Solid understanding of security operations, regulatory expectations, and risk management methodologies.
• Knowledge of common security tools and practices used to identify, monitor, and mitigate threats.

Skills & Competencies

• Leadership & Coordination: Proven ability to chair committees, lead cross-functional teams, and manage complex initiatives.
• Risk & Compliance Mindset: Skilled at identifying operational security risks, implementing mitigation plans, and monitoring progress under regulatory constraints.
• Communication: Adept at translating technical findings into executive- and board-level insights; comfortable delivering presentations and written reports.
• Collaboration: Experienced in working with external providers (e.g., vCISO) and internal teams to ensure seamless integration of strategic directives and day-to-day practices.
   

We provide a highly competitive and comprehensive compensation and benefits program including affordable medical/dental/vision insurance, generous paid leave program, 401(k), health savings account, tuition reimbursement, financial childcare assistance and much more!

1fb.net inc is an equal opportunity and affirmative action employer. 

All qualified applicants will receive consideration without regard to their race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
 

                                                            1fb.net inc participates in E-Verify

E-Verify Right to Work Poster (justice.gov)