Information Security Officer (ISO)

Information Security Officer (ISO) EverTrust Bank - 3.4 City of Industry, CA Job Details Full-time $90,000 - $130,000 a year 2 hours ago Qualifications Computer Science Incident response Bachelor's degree Organizational skills IT Full Job Description EverTrust Bank is seeking an Information Security Officer to join our team. Headquartered in the City of Industry, California , EverTrust is a relationship‑driven financial institution specializing in commercial lending, deposit services, and banking solutions, committed to maintaining an information security program aligned with U.S. banking regulations and FFIEC guidance to support safe and secure operations.

ESSENTIAL JOB FUNCTIONS

Implementing the information security standards described in this program On the Bank's core Horizon system, after approval from Information Security Officer (ISO) IT Department creates and maintains user profiles. ISO also required to approving any modification on user's access (add, change, delete) On the EverTrust network domain, after approval from Information Security Officer (ISO) IT Department creates and maintains user profiles The Head of Operations/Information Security Officer authorizes system access request. The Chief Risk Officer (CRO) will act as the Information Security Officer in the absence of the Head of Operations System access during non-business hours requires the approval of the Chief Executive Officer (CEO) or the Head of Operations/Information Security Officer and his/her designated back-up personnel will have 7 x 24 system access to manage the host system for all users Approve major system changes Approve vendor access Information Security Officer needs to approve all BCR change requests other than rate changes Approve patch exceptions Review A log of all transactions received from all terminals is maintained by the computer systems details the exception reporting This personally-owned mobile device functionality and access will only be granted to employees who Have been approved by their executive level manager and the Bank's Information Security Officer If the device is lost or stolen, or if it is believed to have been compromised in some way, report the incident immediately to the Bank's Information Security Officer and/or IT department The Bank has created a corporate System Incident Response Team (SIRT), composed of the Bank Information Security Officer, the IT Director, and Chief Risk Officer Contact local authorities when ordered by the Bank Information Security Officer Employees are prohibited from installing any software on his/her computer; all software must be authorized to be installed by the Information Security Officer, and only then after being appropriately screened for any - malware Report the security incident to the ISO Upon assessment of the situation, the Information Security Officer should report to Security Risk Officer (SRO) on the intrusion notify, by telephone, appropriate law enforcement authorities and regulator of any extraordinary incidents Any intrusion, attempted intrusion, or suspicious activity regarding computer technology and/or network systems should be immediately reported to the bank's Information Security Officer or the department/functional area supervisor It is the responsibility of the Information Security Officer (ISO) to ensure that proper controls are in place for employee access of confidential data, monitor and report any breaches of security to the CRO and or President & CEO, and maintain software and hardware controls appropriate to ensure safeguarding confidential information the ISO will provide training to department managers to make sure that they are able to recognize, respond to, and report unauthorized attempts to obtain customer information. ISO will also maintain a central file of intrusion reports, customer complaints and third-party vendor contract reports It is also the ISO's responsibility to ensure that due diligence is performed on third party contracts related to information security of the Bank. On an annual basis, Information Security Officer will conduct reviews of customer information security and report the results to the Board of Directors ISO review, evaluate and approve the justification, risk and mitigation plan patch exception policy IT Department maintains the list of person's authorized to have USB storage, which must be approved by Respective Manager and ISO and reviewed on an annual basis as part user's access review process The Bank's Information Security Officer is aware of the entire inventory of FedLine Security Tokens, and ensures through policy that they have considered contingency planning The Bank's Information Security Officer will ensure that an Official Authorization List identifies the individuals and employees that have the authority to sign and submit the EUAC form which identifies the EUAC within the organization The Information Security Officer will verify that the EUACs are the appropriate security administrators within the Bank that have the authority to request FLA credentials for employees The Information Security Officer will verify that Subscriber access, updates and removals to the Fedwire Funds, Fedwire Securities, FedACH, and National Settlement Service services is appropriate by accessing the following reports on a quarterly periodic The Information Security Officer is responsible to distribute the FedLine Advantage Procedures & Responsibilities User Acknowledgement (Exhibit B) to subscribers as a reminder for those users to comply with FLAs Password Practice Statement (PPS) pass phrase and password requirements. The Information Security Officer will also maintain the signed acknowledgment for audit purposes Password management utilities, if used to manage FedLine and Subscriber PC passwords, must be authorized by the Information Security Officer. Review Subscribers and Roles Report, the Event Tracker Report, and EUAC listing report IT conducts incremental and full backups of important files and storing the backed-up data offsite. Test results are reported to the IT director , ISO, ITSC and BOD The Head of Operations/Information Security Officer authorizes system access request. The Chief Risk Officer (CRO) will act as the Information Security Officer in the absence of the Head of Operations On an annual basis, Information Security Officer will conduct reviews of customer information security and report the results to the Board of Directors. The Bank's Information Security Officer is designated by the Board to be responsible for implementing the information security standards described in this program. Information Security Officer reports directly to the Chief Risk Officer to ensure independence.

QUALIFICATIONS

Education Bachelor's degree required, preferably in Information Security, Information Systems, Computer Science, Cybersecurity, Risk Management, or a related field Experience 3+ years of progressive experience in information security, IT risk management, or systems administration, preferably within a banking or financial services environment Abilities & Skills Strong understanding of information security and IT risk controls Ability to assess risk, exercise sound judgment, and support compliance requirements Experience with security incident handling and regulatory or audit interactions Strong analytical, documentation, and organizational skills Clear and effective communication skills, including the ability to convey security requirements to non‑technical audiences

Pay:

$90,000.00 - $130,000.00 per year Application Question(s): Will you now or in the future require the company to sponsor your employment authorization (e.g. H1-B, TN, E-3, or other employer-sponsored status)? What's your expected base annual salary? Please specify.

Education:

Bachelor's (Required)

Experience:

Information Security & IT Risk Management:

2 years (Required)

Access Control & Incident Response:

2 years (Preferred)

Banking Regulatory Compliance & Security Governance:

1 year (Preferred)

Work Location:

In person