What are the responsibilities and job description for the Information Security Officer position at MSCCN?
Job Summary Responsible for the strategy, planning, management, and reporting of the Bank's information security program to ensure operations are consistent with the Bank's mission and strategic objectives. Evaluates controls over information security, business process design and continuity, data processing, and vendor relationships. Maintains a current understanding of the IT threat landscape for the industry and translates that knowledge to identification of risks and actionable plans to protect the business. Ensures security policies and procedures are communicated to all personnel and that compliance is enforced. The Information Security Officer also serves on cross-functional committees as a trusted advisor and is responsible for the Information Security Committee. Duties and Responsibilities Management Responsible for management, supervision, and direction of all information security (IS) activities and ensures duties and responsibilities assigned to various departmental members and vendors are documented and carried out. Responsible for the creation and maintenance of information security policies, procedures, minimum requirements, security awareness, training campaigns and management reporting. Responsible for developing and providing the day to day oversight of the information security program across the Bank which includes IT risk assessments, vendor assessments, business continuity plan, computer security incident response, and coordinating the response to auditors and regulators for all security related matters. Responsible for the management of all activities related to the development, deployment, and maintenance of security systems and vendor relationships. Monitor for security issues, vulnerabilities, and hacking threats across network and systems. Responsible for investigation of computer security events lifecycle including identification and implementation of solutions to reduce security risks. Strategic Focus Participate in strategic planning and budgeting processes. Align Bank's mission and strategic initiatives with departmental objectives. Working with the IT Manager, Chief Information and Technology Officer, Information Security Committee, and Enterprise Risk Management (ERM) committee to develop and implement long term strategic changes. Leadership Responsible for implementing the information security strategy and objectives, including strategies to monitor and address current and emerging risks. Advise and consult with business lines, technology service providers and project teams to understand the risks and ensure effective implementation of controls. Acts as chair of the Bank's information security committee. Responsible for conducting meetings with key members of management to ensure goals of the committee are met. Risk Management Evaluate the maturity of the IS program against cybersecurity frameworks. Establish and monitor metrics that demonstrate threats in a way the Bank can understand and take action appropriately. Assess information security risk through qualitative risk analysis on a regular basis and conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements. Serves as guest of the ERM committee. As a guest, responsible for assessing the cybersecurity risks associated with new technologies, and vendors; ensuring that adequate controls exist or business units understand risks prior to implementation; evaluating and recommending new information security technologies and counter-measures against threats to information or privacy. Efficiency Leverage technology investments and vendors to maximize the effectiveness and efficiency of daily responsibilities. Develop a central function to support del very and sustainability of critical security programs and ensure continuous improvement and efficiencies over time with an emphasis on process improvements and process re-engineering. Trends and Education Leverage banking resources, networks, and third parties to keep abreast of the regulatory environment and trends that impact information security, banking, and technology. Pursue professional development and training opportunities to ensure the Bank's environment and personal skillsets remain future-proof and forward-thinking. Relationships and Contacts The Information Security Officer reports to the Chief Risk Officer and oversees information security vendors. This position interacts with departmental personnel of all levels and banking center locations. Contact is required with a variety of third parties including vendor, community, and professional organizations. []{style='font-size : 12pt; font-family : '}
