What are the responsibilities and job description for the Information Security Officer position at M C Bank and Trust Co.?
Job Description:
The Data Security Officer is responsible for developing and maintaining the Corporate Information Security Program and additional operational risk assessments and procedures as necessary. Additional responsibilities include ensuring that all operational and technology policies and procedures are current and aligned with industry best practices and regulatory requirements. The officer also facilitates testing and documentation of the Business Continuity and Disaster Recovery Program.
Expectations:
- Develops and maintains Information Security Program including information security policies, procedures and guides.
- Understands current regulatory requirements and evaluates compliance with appropriate regulations and guidance (FFIEC, FRB, SOX, GLBA, etc.).
- Prepares Annual Information Security Board Report which is presented to the Board of Directors to demonstrate compliance with regulations and guidance and includes status and significant changes in Information Security risks, practices, audits, and projects.
- Develops and maintains Information Security Risk Assessments including IT Risk Register and Internet Banking Risk Assessment for compliance with regulatory requirements.
- Reviews audit findings and testing results for possible inclusion in Information Security Risk Assessments.
- Provides guidance and assistance as needed or requested for IT Governance including Key Risk Indicators and status reports to Board Risk Committee and the Board of Directors.
- Develops and maintains Computer Security Incident Response Plan and serves as Incident Coordinator for the Plan and Tabletop Exercises conducted to test the Plan.
- Maintains Business Impact Analysis and facilitates the maintenance, documentation and testing of the Business Continuity and Disaster Recovery plans for the organization.
- Creates companywide security and risk awareness through a Security Awareness Education Program composed of email blasts during the year and National Cybersecurity Awareness Month, as well as other educational information posted on the Information Security SharePoint site.
- Defines requirements and monitors completion of Annual Information Security Training and Information Security Acknowledgment for all associates through partnership with Human Resources.
- Provides oversight for System Access processes including review and approval of System Access requests.
- Serves as Data Security representative on projects as needed.
- Assists with Change Management Program.
- Other duties as assigned.
Qualifications and Education Requirements:
- Bachelor's degree in Information Technology, Accounting, Business Administration/Finance or Banking School Certified, and/or equivalent work experience required
- Banking experience is strongly preferred
- 5-10 years information security audit or management experience required
- 3-5 years of supervisory or team management experience preferred
- 2-5 years of experience preparing executive level reports/summaries
- Must possess excellent verbal, written, communication, analytical and problem-solving skills
- Possess the ability to lead effectively in complex situations
- Have the ability to work effectively independently
- Intermediate to advanced experience in Microsoft Word/Excel/PowerPoint/Project/PowerApps, SharePoint experience is preferred.
CERTIFICATES, LICENSES, REGISTRATIONS
ABCP, CFCP, CBPC, MBCP
Ex: CPA, Series 6 or 7 license
CISA or CISM desired.
M C Bank is an Equal Opportunity / Affirmative Action employer, committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, or any other factor protected by applicable federal, state, or local laws. All hiring decisions are based on qualifications, merit, and business needs.