Information Security Specialist

GENERAL FUNCTION

The Information Security Specialist is responsible for cooperation in the management of a bank wide information security management program to ensure that information assets are adequately protected. This position works closely with the Information Security Manager/Officer, risk functions, regulatory compliance, engineering, and business stakeholders to ensure that controls are operating effectively, and risks are identified in a timely manner. He or she will also oversee a variety of IT-related risk m anagement activities.

MAJOR DUTIES AND RE S PONSIBILITIES

Collaborate, implement, and monitor a comprehens i ve enterprise informa t ion security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or p rocessed by t h e organizati o n. Collaborate, maintain, and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, train i ng, and dissemination of security policies and practices. Collaborate, manage, and communicate information s ecurity and risk management awareness training programs for all employees, contractors, and approved system users. Work directly with the bank to facilitate IT risk a s sessment and risk management processes, and work with stakeholders throughout the bank on identifying acceptable levels of r esidual risk. Provide regular reporting on the status of the information security program to business owners and/or Information Security Manager/Officer. Maintain an information security management framework based on the Gartner Business model and ITIL. Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical contro l s. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology pr o jects, systems, and services, including, but not limited to data security, privacy, risk management, compliance, and business continuity management. Perform related duties and fulfil l responsibilities as required.

ADDITIONAL RESPONSIBI L ITIES

Monitor Identity Management service catalog. Monitor Patch Management process. Maintain an information security advisory role and relationship with bank users. Keeps abreast of new procedures and technology imp l emented by the technology department. Ensure that all software is legal. Report any instances of abuse to management. Support third-party oversight and monitoring processes, including security assessments of the bank ' s vendors and service providers. Stay up-to-date with industry trends and regulatory requirements related to technology governance, r isk, and compliance. Perform day-to-day activities consistent with safe and sound business practices and regulatory requirements. Other duties as assigned by the Information Secu r ity Manager/Officer.

JOB QUALIFICATIONS

At least eight (8) years of experience in a combination of risk manageme n t, information security and IT or related service role. Emp l oyment history must demonstrate increasing levels of responsibility In-depth working knowledge of project management standards.

Certifications desired:

SECURITY +, CISA, CRISC, CISM, CISSP, ITIL.

Bachelor's or Master's Degree in Computer Science, Business Administration, or other related field. Or equivalent work experience. Excellent written and verbal communication skills. Ability to analyze and solve problems. Must have a valid driver's license and proof of insurance. Ability and willingness to travel to various locations and prospective facili t ies. Ability to work effectively in a diverse work group. Analytical ability to gather and summarize data f o r reports. Demonstrated ability to e ffectively interact with employees, vendors, and management. Ability to prioritize and organize.

STANDARDS OF PERFORMANCE

We will be honest in all that we do. We will conduct ourselves in a professional, dignified manner. We will always treat our customers with respect. Must be courteous and respectfully of all customers and employees. We will treat co-workers , peers, and vendors with the same degree of respect and consideration we give our customers and expect for ourselves. We will maintain a cheerful positive attitude about our bank, industry, peers, customers, and supervisory personnel. Attempt to return all phone calls the same day as they are received. We will conduct an info r mal performance appraisal of all personnel report i ng directly to you quarterly and a detailed p erforma n ce review ann u ally. We will see that all supe r visory personnel under your supervision conduct the same type of review on personnel they supervise. We will keep confidential information confidential.