Vendor Management and Information Security Officer

Job Description

Job Description

To see specific benefits offered by Foresight Financial Group, Inc. and its subsidiary banks, please visit the following link : Foresight Financial Group, Inc. - Career Centers.

Hiring Manager : Brooke Crull

HR Partner : Nora Koehler

Organization Overview :

Foresight Bank is the largest, locally owned community bank in Northern Illinois, with fifteen offices in the counties of Winnebago, Stephenson and Kankakee. Foresight Bank is owned by Foresight Financial Group, Inc., an Illinois corporation founded in 1986, a financial holding company established under the Federal Reserve.

Position Summary :

The Vendor Management and Information Security Officer is responsible for maintaining an effective Vendor Management Program in compliance with all applicable laws, rules and regulations as well as the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.

Primary Responsibilities :

• Establish and maintain a strong working relationship with the Executive team to optimize communications.
• Responsible for implementing, managing, and enforcing information security directives as mandated by GLBA.
• Ensure the ongoing integration of information security with business strategies and requirements.
• Ensure that the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed.
• Lead information security awareness and training initiatives to educate workforce about information risks.
• Perform or manage ongoing information risk assessments and audits to ensure that information systems are adequately protected and meet GLBA certification requirements.
• Work with vendors, outside consultants, and other third parties to improve information security within the organization.
• Lead vendor management efforts to ensure adequate performance and security practices are in place including ensuring compliance with the third-party relationship risk management policy and program.
• Coordinate vendor management oversight including assignment of inherent risk ratings, record retention of contracts, annual due diligence materials and other related documents; annual review of due diligence reports and assignment of residual risk ratings; prescreening of prospective vendors; ongoing monitoring; and maintaining a tickler for key milestones such as renewals.
• Lead an incident response team to contain, investigate, and prevent future computer security breaches.
• Subscribe to threat notification networks, new regulations, and information sharing networks to stay current on requirements and new threats to the industry.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Competencies :

To perform the job successfully, an individual should demonstrate the following competencies. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Leadership : Provides strong leadership; sets a good example; skilled decision-maker; is approachable and is a subject matter expert in their area of expertise.

Judgement : Intuitive curiosity to investigate and follow through. Sound decision making abilities, working within the scope of responsibilities and seeking guidance where necessary.

Communicator : Advanced written and oral communication skills, speaking clearly, effectively listening, and clearly writing.

Organizational : Can establish a systematic course of action for self in order to accomplish objectives in an organized manner; determines priorities and allocates resources effectively, within established timeframes.

Technical : Working knowledge of Microsoft 365. Strong technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP / IP, intrusion detection systems, firewalls, etc.). In-depth knowledge of GLBA and other information technology regulations

Position Performance Standards :

Operates role within established policies and procedures.

Completes vendor management oversight and reporting requirements timely.

Performance Weightings :

40% Competencies

60% Position Performance Standards and Personal Goals

Qualifications :

High school diploma or general education degree (GED); Bachelor’s degree preferred . Minimum 5 years of bank experience, including vendor management responsibilities and management of both physical and logical information security systems. Advanced knowledge of banking regulations and internal controls. Hold and maintain one or more applicable information security certifications. Possess a valid driver’s license, reliable transportation and adequate auto insurance.