Description
The Director of Information Security is responsible for establishing and maintaining the overall information security program within the Bank. The Director is responsible for providing leadership, strategic direction, and guidance to ensure the confidentiality, integrity, and availability of the Bank's information assets. The Director oversees the development and implementation of information security policies, procedures, and controls and ensures compliance with industry regulations and standards.
_____________________________________________________
Essential Functions
1. Develops and implements a comprehensive information security program, including policies, procedures, and controls.
2. Monitors and urgently addresses current and emerging cybersecurity risks that pertain to the Bank and its customers. Advises the Bank's Chief Risk Officer, IT Committee, and Senior Management in developing and implementing information technology safeguard strategies and controls to mitigate risks.
3. Conducts ongoing information security compliance monitoring and performs IT and customer information risk assessments for all areas of the Bank.
4. Monitors and continuously upgrades information security and business resiliency capabilities across the enterprise.
5. Manages enterprise-wide Business Continuity Planning (BCP), including establishing and validating policies and procedures to restore business-critical services of the Bank in the event of a disaster or other disruptive event.
6. Works closely with and challenges the Director of Information Technology and the Chief Risk Officer to develop strategic plans and makes recommendations for significant information technology projects involving functional changes within the Bank.
7. Serves as Chair on the Bank's Risk Committee.
8. Provides the Board with an annual assessment of the Bank's Information Security program in accordance with the Gramm Leach Bliley Act.
9. Assures audit compliance and procedure quality control through internal and external reviews, recommends and initiates corrective actions, and ensures system resources are in compliance with established Bank policies, procedures, and state and federal laws, rules and regulations.
10. Manages the Bank's Vendor Management Program with regard to the selection, negotiation, and contract management of service level agreements with third-party providers as required, and maintains a risk-based framework to mitigate and monitor third-party risk.
11. Manages physical security policies, protocols, procedures, and systems. Ensures policies and procedures are consistently applied across the Bank and ensures adherence to regulatory requirements.
12. Continuously monitors and assesses the information security team and resources to ensure the organization employs and develops top talent.
13. Performs personnel actions, including performance appraisals, disciplinary actions, and interviewing candidates for employment, and supervises the daily activities of the department, including, but not limited to, effective delegation of assignments, developing work schedules, and providing necessary training.
14. Fosters a culture of security awareness and accountability throughout the organization. Works with the Training Officer to develop and deliver security awareness and training programs to educate employees on security best practices.
15. Supports Community Reinvestment Act (CRA) through business development efforts. Actively participates in community organizations.
16. Maintains current knowledge of bank regulations. Ensures compliance with all Federal, State, and Bank policies, procedures, and regulations.
17. Other duties as assigned.
Requirements