|Position||00364 Information Security Officer|
|City, State||100% Remote if located in..., NJ, NY (except NYC), PA, GA or FL|
|Salary||165-175K plus 14% Bonus|
|Contact Name||Steve Silvi|
|Description||As the Information Security Officer, you will be responsible for enforcing the enterprise Information Security Policy to ensure the confidentiality and integrity of information assets.|
You will work with management to review policy and procedures around Information Security to ensure current threats are identified, response plans are appropriate, and to identify any new threats to securing customer information.
The Information Security Officer develops annual assessments of information security risks, identifies threats and risk ratings for information systems, and performs reviews related to risk management strategies and controls.
Accountable for the oversight of the Bank's data security controls including the ongoing activities related to the availability, integrity and confidentiality of customer and employee information.
Manage the reporting for Data Classification (electronic and physical).
Participate in the development of business risk assessments.
Develop, administer, and coordinate procedures to ensure compliance with government and other regulatory policies and laws related to information security and privacy.
Supervise a small group (1-3) of employees.
Perform system access reviews for all significant systems and role-based access rights.
Perform operational risk management reviews related to third-party vendors ("TPV") including SOC2 reviews and ongoing enhancement of the TPV program to ensure proper due diligence, risk assessment and monitoring.
Review annual key internal controls (i.e. SOX, COSO, etc.) for areas of responsibility and ongoing monitoring to ensure rigorous and timely adherence to key controls.
Manage the data security monitoring tools and associated reporting to meet compliance and regulatory requirements.
Perform Information Security reviews for new systems to assure all aspects of the Information Security program and regulatory requirements are incorporated into the system design and configuration.
Identify and communicate emerging threats and vulnerabilities at an enterprise and program level.
Maintain information security controls to ensure compliance with uniform standards established by the FFIEC.
Manage the cybersecurity user awareness program to include periodic user security training/education to support the security awareness program and regular management reporting on security training and education.
Perform any other related duties as required or assigned.
|Requirements||Technical degree in Information Security, Computer Engineering, Computer Technology, or similar discipline.|
7 years’ related experience and/or training in Cybersecurity/Information Security/Information Technology.
Ability to read, analyze, and understand common scientific and technical journals, financial reports, and legal documents.
Intimately familiar with financial regulatory requirements that apply to Information Security.
Knowledge of issues and problems related to information security.
Knowledge of contemporary hardware, software, and network architectures.
Strong technical background in systems and networking.
High level of integrity and sound judgment concerning security, privacy issues and complex situations.
Excellent written and verbal communication skills, both effective and efficient.
Strong service commitment.
Excellent planning skills.
Ability to plan and execute.
Ability to work as a productive, responsible, self-motivated member and/or leader of a team.
Ability to work independently and manage time effectively.
Ability to understand and implement cultural change related to technology.
Certified Information Systems Security Professional (CISSP)
Systems Security Certified Practitioner (SSCP)
3 years of related managerial experience