Information Security Officer

MAJOR FUNCTION:
The Information Security Officer is responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems and assets.

RESPONSIBILITES:
1. Serve on the IT Committee.
2. Directly manage or oversee security processes defined within the Information Security Program.
3. Responsible and accountable for the day-to-day implementation and management of the Information Security Program.
4. Create and maintain information security documentation, policies and procedures.
5. Ensuring that all information security policies, processes, and procedures are well defined, documented, communicated and published appropriately.
6. Implement, manage, and enforce information security directives as mandated by GLBA.
7. Assessing current cyber security capabilities, identifying opportunities to fortify current capabilities, and leading the efforts to implement the actions needed to elevate the organizations security capabilities.
8. Make recommendations to management on enhancements to existing and new security hardware, software or related tools. Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools.
9. Ensure security best practices are identified and integrated into all facets including acquisition and development, network, system designs/configuration, and implementations.
10. Recommend and enforce technical service level standards and procedures for information security.
11. Ensure the ongoing integration of information security with business strategies and requirements.
12. Ensure that the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed.
13. Lead information security awareness and training initiatives to educate workforce about information risks.
14. Perform or manage ongoing information risk assessments and audits to ensure that information systems are adequately protected and meet GLBA requirements. Prepare and present the annual GLBA report to the Board of Directors.
15. Work with vendors, outside consultants, and other third parties to improve information security within the organization.
16. Lead vendor management efforts to ensure adequate performance and security practices are in place.
17. Perform risk assessments on IT assets (hardware, software, systems) as well as vendors.
18. Serve on the incident response team to contain, investigate, and prevent future computer security breaches.
19. Have the authority to respond to an information security event by ordering emergency actions to protect the institution, its employees, and its customers from loss of information and value.
20. Maintain continuous knowledge of security and policy legislation, regulations, guidance, advisories, alerts, and vulnerabilities.
21. Subscribe to threat notification networks, new regulations, and information sharing networks to stay current on requirements and new threats to the industry.
22. Obtain sufficient knowledge, background, and training; including, but not limited to, annual information security and cybersecurity training.
23. Complete all initial and annual training requirements as outlined by ASBT.
24. Perform all other duties as required, consistent with the goals, objectives and responsibilities of the Information Security Program.

QUALIFICATIONS:
1. Experienced in the management of both physical and logical information security systems
2. Knowledge of technical security controls (application and operating system hardening, vulnerability assessments, security audits, intrusion detection systems, firewalls, SIEM, etc.)
3. Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
4. Must possess a high degree of integrity and trust along with the ability to work independently
5. Excellent documentation skills
6. Ability to weigh business risks and enforce appropriate information security measures

SPECIAL REQUIREMENTS:
1. Confidentiality and tactfulness in dealing with bank and customer information is mandatory.
2. Ability to conduct relationships with co-workers, customers, the community and the overall public in a manner which will enhance the bank's image and comprehensive marketing effort.
3. Will be called upon from time to time to participate with community organizations and projects.

EDUCATION AND EXPERIENCE:
A bachelor's degree in business administration, computer science or a technology-related field or the equivalent in current and relevant work experience.

PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle or feel; reach with hands and arms; and talk or hear. The employee is required to stand and walk. Specific vision abilities required by this job include close vision and ability to adjust focus. Some research may be involved which would require the employee to be mobile to access copy machines and various files located throughout the bank. This is an on-site position only. 

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.