What are the responsibilities and job description for the Information Security Manager position at Glacier Bancorp?
About The Role
The Information Security Manager performs two core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security analysts, administrators, engineers and security systems. The second is establishing an enterprise security stance through standards, architecture and training processes. Secondary tasks will include the selection of appropriate security solutions, provide security expertise and guidance for all corporate projects, and the oversight of vulnerability audits and assessments. The Information Security Manager is expected to interface with peers in the IT department as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.
The ability to motivate or influence internal or external senior level professionals is a critical part of the job, requiring a significant level of influence and trust. Obtaining cooperation and agreement on important outcomes via frequently complex, senior level dialogues, as well as a professional level of written communication skills are essential to the position.
This is a Corporate position located in either Montana or Idaho. The entry-rate for this position is $114,301.58/ per year (calculated for Kalispell, MT).
All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.
DUTIES AND RESPONSIBILITIES:
About You
QUALIFICATIONS:
EXPERIENCE:
EDUCATION/CERTIFICATIONS/LICENSES:
KNOWLEDGE, SKILL, ABILITY:
WORK ENVIRONMENT:
Must be able to routinely perform work indoors in climate-controlled shared work area with moderate noise level.
Must be capable of occasional travel (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is often required to: sit; use hands in repetitive motions to finger, grasp, handle or feel; and talk or hear. The employee is occasionally required to: stand; walk; and lift or reach with hands and arms.
Must be able to operate routine office equipment including computer terminals and keyboards, telephones, copiers, facsimiles, and calculators.
Must be able to routinely perform work on computer for an average of 6-8 hours per day, when necessary.
Must be able to work extended hours or travel off site whenever required or requested by management.
Must be capable of regular, reliable and timely attendance. Must be capable of climbing / descending stairs in an emergency situation.
Specific lifting abilities required by this job include: Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Specific vision abilities required by this job include: The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading; visual inspection involving small defects, small parts, and/or operation/inspection of machines and/or using measurement devices at distances close to the eyes.
What We Offer
COMPENSATION & BENEFITS: Salary is dependent upon relevant experience. We offer an extensive benefits package that includes, but is not limited to, flexible health coverage options: medical/dental/vision (partially employer paid with competitive premiums), health rewards program, possible employer contribution to a Health Savings Account, Employee Assistance Program (EAP); life insurance; 401K retirement plan with immediate vesting (up to 3% employer match, 3% automatic employer contribution, and profit sharing); discounted banking products and services; paid vacation/sick days, and paid holidays.
COMPANY OVERVIEW: At Glacier Bancorp, our employees are our most valuable asset. We seek qualified individuals who enjoy people, are innovative and eager to learn. We are dedicated to providing opportunities for personal advancement and professional growth by investing in the tools and training needed to build a personalized career path for you.
No Recruiters or unsolicited agency referrals please.
The Information Security Manager performs two core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security analysts, administrators, engineers and security systems. The second is establishing an enterprise security stance through standards, architecture and training processes. Secondary tasks will include the selection of appropriate security solutions, provide security expertise and guidance for all corporate projects, and the oversight of vulnerability audits and assessments. The Information Security Manager is expected to interface with peers in the IT department as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.
The ability to motivate or influence internal or external senior level professionals is a critical part of the job, requiring a significant level of influence and trust. Obtaining cooperation and agreement on important outcomes via frequently complex, senior level dialogues, as well as a professional level of written communication skills are essential to the position.
This is a Corporate position located in either Montana or Idaho. The entry-rate for this position is $114,301.58/ per year (calculated for Kalispell, MT).
All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.
DUTIES AND RESPONSIBILITIES:
Collaborate with IT staff to create and maintain system security standards for servers, routers, workstations, switches, and other network devices. Create and maintain security architecture diagrams and system configuration documentation. Assist in the creation and maintenance of best practices and specific policies, procedures, and standards to ensure customer data protection and compliance with laws and regulations. Ensures that change orders are submitted for all changes made to the production environment, and that tasks are worked in a timely manner. Maintain the IT Security Incident Response Plan by updating and testing the plan on an annual basis or more frequently if circumstances warrant. Create content and coordinate training for the IT security awareness training program.- Oversee, evaluate, recommend, and lead the implementation of security/monitoring systems (IDS/Firewall/VPN/Monitoring Systems/etc.). Create and maintain security operations procedures, in accordance to GBCI policies and/or industry best practices. Provide accurate and timely information to management in relation to the activation of the IT Security Incident Response Plan. Assist Chief Information Security Officer in network and system forensic investigations in response to information security event notifications and alerts. Makes proactive business decisions that limit the organization’s financial, regulatory, legal, and reputational risks.
- Perform in-depth testing of security controls, products and implemented configurations to ensure infrastructure is performing as intended and expected. Lead the gathering of requirements, analysis of solutions, and design of security systems necessary to meet the security needs of business initiatives. Maintain IT security/performance through testing, monitoring, and availability assessments. Coordinate and follow up on remediation of in-house penetration and vulnerability testing of systems and network security configurations. Identify and troubleshoot complex security issues in a timely manner. Responsible for overall effectiveness of technical IT security controls.
- Properly prepares for audits and examinations. Submits request list items timely, and makes team members available for auditors and examiners. Follow-up timely on remediation efforts assigned to department.
- Interacts and negotiates with vendors, business partners, and contractors regarding new and existing information security services and products. Analyze, research, and conduct long-range planning for new security hardware/software products, providing solutions for securing systems and network infrastructure. Responsible for facilitating the review and approval of routine maintenance activity on information security systems and services.
- Maintain and regularly update policies and operating procedures for assigned department or function. Implement consistent and standardized procedures and system parameters to insure adoption of best and most efficient processes. Ensure policy and procedures are being followed within workgroup. When issues, problems and incidents arise, ensure team acts with a sense of urgency to resolve the issue. Train and prep team so they know how to assess a situation and react with the appropriate intensity through problem resolution.
- Serve as a subject matter expert in areas of information security, privacy technologies, and security best practices to IT and bank staff. Assist in the development and proposal of information technology strategy and design solutions to provide a secure environment with high levels of user adoption. Provides guidance and expertise to various project teams for enterprise architecture and security strategy.
- Must comply with all company policies and procedures, applicable laws and regulations, including, but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control.
- Supports the use of project management by contributing to project teams, completing assigned responsibilities by established milestone dates, and effectively communicating with the project team. Supports and promotes the use of ITIL governance processes, including incident, problem, change, release, and configuration management.
- Partner with the CISO in maintaining IT Risk Management Program, including risk and vulnerability identification, reporting, tracking, and resolution. Collaborate with IT and business managers to effectively deliver information security services that provide adequate risk mitigation while enabling growth and change. Responsible for ensuring all suspicious or real network intrusions or security breaches are properly tracked and documented. Adheres to information security policies and promotes information security within IT and among the banks.
- Assist CISO in all phases of the SDLC process for all corporate projects in order to identify, mitigate, and monitor risks introduced by business initiatives. This includes helping identifying risks during project initiation phase, defining security requirements for product/vendor selection, designing security controls for product implementation, and ongoing security monitoring of production systems. Develop enterprise-wide security architecture and manage the operation of security infrastructure components to support secured information services. Lead the implementation-maintenance, and measurement of the 20 Critical Controls initiative.
About You
QUALIFICATIONS:
EXPERIENCE:
- 8 years experience in information security management, information security operations/network operations, or combination of, preferably in financial services or other highly regulated environment requried.
- 3 years of staff supervision experience required.
EDUCATION/CERTIFICATIONS/LICENSES:
- Bachelor's Degree or equivalent combination of education and experience is required.
- CISSP highly desired (Certification is required within 12 months of date of employment).
- CISA, CISM or GIAC certifications desired.
KNOWLEDGE, SKILL, ABILITY:
Knowledge and understanding of common information security management frameworks, such as ISO 27001, ITIL, COBIT, NIST and CCS Top 20 Critical Security Controls.- Knowledge and understanding of relevant legal and regulatory requirements included but not limited to: GLBA, HIPAA, SOX, PCI and FFIEC Guidelines.
- Expertise of information security technologies such as SIEM systems, firewalls, intrusion detection/prevention, data loss prevention, and vulnerability assessment tools.
- Advanced network packet analysis, vulnerability analysis, and network forensics experience.
- Expertise in responding to various types of security incidents.
- Experience with strategic planning, portfolio management, and/or application/technology road mapping.
- Broad security architecture design, planning and implementation experience.
- Advanced knowledge of cloud computing architectures.
- Cloud, Virtual, Wireless, Mobile technology exposure a plus.
- Strong security experience on Linux, Unix and Windows platforms.
- Ability to create and deliver security awareness training to company staff.
WORK ENVIRONMENT:
Must be able to routinely perform work indoors in climate-controlled shared work area with moderate noise level.
Must be capable of occasional travel (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is often required to: sit; use hands in repetitive motions to finger, grasp, handle or feel; and talk or hear. The employee is occasionally required to: stand; walk; and lift or reach with hands and arms.
Must be able to operate routine office equipment including computer terminals and keyboards, telephones, copiers, facsimiles, and calculators.
Must be able to routinely perform work on computer for an average of 6-8 hours per day, when necessary.
Must be able to work extended hours or travel off site whenever required or requested by management.
Must be capable of regular, reliable and timely attendance. Must be capable of climbing / descending stairs in an emergency situation.
Specific lifting abilities required by this job include: Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Specific vision abilities required by this job include: The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading; visual inspection involving small defects, small parts, and/or operation/inspection of machines and/or using measurement devices at distances close to the eyes.
What We Offer
COMPENSATION & BENEFITS: Salary is dependent upon relevant experience. We offer an extensive benefits package that includes, but is not limited to, flexible health coverage options: medical/dental/vision (partially employer paid with competitive premiums), health rewards program, possible employer contribution to a Health Savings Account, Employee Assistance Program (EAP); life insurance; 401K retirement plan with immediate vesting (up to 3% employer match, 3% automatic employer contribution, and profit sharing); discounted banking products and services; paid vacation/sick days, and paid holidays.
COMPANY OVERVIEW: At Glacier Bancorp, our employees are our most valuable asset. We seek qualified individuals who enjoy people, are innovative and eager to learn. We are dedicated to providing opportunities for personal advancement and professional growth by investing in the tools and training needed to build a personalized career path for you.
Glacier Bancorp, Inc. is a regional bank holding company headquartered in Kalispell, Montana with assets greater than $11 billion, operating in numerous community bank divisions across 7 states (Montana, Idaho, Utah, Washington, Wyoming, Colorado and Arizona). We pursue a community banking philosophy, emphasizing personalized service combined with the full resources of a large banking organization. Over the years, Glacier Bancorp has received numerous awards for stability and soundness, and has repeatedly ranked among the top 10% in the nation for financial strength.
We are an Equal Opportunity Employer and qualified applicants or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, age, genetic information, protected veteran status, or any other category protected by applicable federal, state or local laws.
Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
No Recruiters or unsolicited agency referrals please.
Salary : $114,302
