Director Of Information Security
Sacramento, CA

Description

The Director of Information Security is responsible for establishing and maintaining the overall information security program within the Bank. The Director is responsible for providing leadership, strategic direction, and guidance to ensure the confidentiality, integrity, and availability of the Bank's information assets. The Director oversees the development and implementation of information security policies, procedures, and controls and ensures compliance with industry regulations and standards.

_____________________________________________________

Essential Functions


1. Develops and implements a comprehensive information security program, including policies, procedures, and controls.


2. Monitors and urgently addresses current and emerging cybersecurity risks that pertain to the Bank and its customers. Advises the Bank's Chief Risk Officer, IT Committee, and Senior Management in developing and implementing information technology safeguard strategies and controls to mitigate risks.


3. Conducts ongoing information security compliance monitoring and performs IT and customer information risk assessments for all areas of the Bank.


4. Monitors and continuously upgrades information security and business resiliency capabilities across the enterprise.


5. Manages enterprise-wide Business Continuity Planning (BCP), including establishing and validating policies and procedures to restore business-critical services of the Bank in the event of a disaster or event.


6. Works closely with and challenges the Director of Information Technology and the Chief Risk Officer to develop strategic plans and makes recommendations for significant information technology projects involving functional changes within the Bank.


7. Serves as Chair on the Bank’s Risk Committee.


8. Provides the Board with an annual assessment of the Bank's Information Security program in accordance with the Gramm-Leach-Bliley Act.


9. Assures audit compliance and procedure quality control through internal and external reviews, recommends and initiates corrective actions, and ensures system resources are in compliance with established Bank policies, procedures, and state and federal laws, rules and regulations.


10. Manages the Bank's Vendor Management Program with regard to the selection, negotiation, and contract management for service level agreements with third-party providers as required, and maintains a risk-based framework to mitigate and monitor third-party risk.


11. Manages physical security policies, protocols, procedures, and systems. Ensures policies and procedures are consistently applied across the Bank and ensures adherence to regulatory requirements.


12. Continuously monitors and assesses the information security team and resources to ensure the organization employs and develops top talent.


13. Performs personnel actions, including performance appraisals, disciplinary actions, and interviewing candidates for employment, and supervises the daily activities of the department, including, but not limited to, effective delegation of assignments, developing work schedules, and providing necessary training.


14. Fosters a culture of security awareness and accountability throughout the organization. Works with the Training Officer to develop and deliver security awareness and training programs to educate employees on security best practices.


15. Supports Community Reinvestment Act (CRA) through business development efforts. Actively participates in community organizations.


16. Maintains a current knowledge of bank regulations. Ensures compliance with all Federal, State and Bank policies, procedures, and regulations.


17. Other duties as assigned.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Extensive experience in information security management, including experience in a leadership or executive role.
  • Professional certifications such as ISACA-CISM and/or ISC2-CISSP are required.
  • In-depth knowledge of information security frameworks, standards, and best practices. Strong understanding and experience in implementing the guidelines of FFIEC IT Booklets.
  • Strong understanding of risk management principles and experience conducting risk assessments.
  • Demonstrated ability to develop and execute strategic plans and initiatives.
  • Strong leadership and people management skills, with the ability to build and develop a high-performing security team.
  • Up-to-date knowledge of emerging threats, vulnerabilities, and security technologies.
  • Ability to deal with complex problems involving multiple facets and variables in non-standardized situations.

