Information Security Specialist

GENERAL FUNCTION:

The Information Security Specialist is responsible for cooperation in the management of a bank wideinformation security management program to ensure that information assets are adequately protected. Thisposition works closely with the Information Security Manager/Officer, risk functions, regulatory compliance,engineering, and business stakeholders to ensure that controls are operating effectively, and risks are identifiedin a timely manner. He or she will also oversee a variety of IT-related risk management activities.

MAJOR DUTIES AND RESPONSIBILITIES:

• Collaborate, implement, and monitor a comprehensive enterprise information security and IT riskmanagement program to ensure that the integrity, confidentiality, and availability of information isowned, controlled, or processed by the organization.
• Collaborate, maintain, and publish up-to-date information security policies, standards, and guidelines.Oversee the approval, training, and dissemination of security policies and practices.
• Collaborate, manage, and communicate information security and risk management awareness trainingprograms for all employees, contractors, and approved system users.
• Work directly with the bank to facilitate IT risk assessment and risk management processes, and workwith stakeholders throughout the bank on identifying acceptable levels of residual risk.
• Provide regular reporting on the status of the information security program to business owners and/orInformation Security Manager/Officer.
• Maintain an information security management framework based on the Gartner Business model andITIL.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation oftechnical controls.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on theappropriate courses of action.
• Understand and interact with related disciplines through committees to ensure the consistent applicationof policies and standards across all technology projects, systems, and services, including, but not limitedto data security, privacy,risk management, compliance, and business continuity management.
• Perform related duties and fulfill responsibilities as required.

ADDITIONAL RESPONSIBILITIES:

• Monitor Identity Management service catalog.
• Monitor Patch Management process.
• Maintain an information security advisory role and relationship with bank users.
• Keeps abreast of new procedures and technology implemented by the technology department.
• Ensure that all software is legal. Report any instances of abuse to management.
• Support third-party oversight and monitoring processes, including security assessments of the bank's
• vendors and service providers.
• Stay up-to-date with industry trends and regulatory requirements related to technology governance, risk,
• and compliance.
• Perform day-to-day activities consistent with safe and sound business practices and regulatory
• requirements.
• Other duties as assigned by the Information Security Manager/Officer.

JOB QUALIFICATIONS:

• At least eight (8) years of experience in a combination of risk management, information security and IT
• or related service role. Employment history must demonstrate increasing levels of responsibility
• In-depth working knowledge of project management standards.
• Certifications desired: SECURITY +, CISA, CRISC, CISM, CISSP, ITIL.
• Bachelor's or Master's Degree in Computer Science, Business Administration, or other related field. Or
• equivalent work experience.
• Excellent written and verbal communication skills.
• Ability to analyze and solve problems.
• Must have a valid driver's license and proof of insurance.
• Ability and willingness to travel to various locations and prospective facilities.
• Ability to work effectively in a diverse work group.
• Analytical ability to gather and summarize data for reports.
• Demonstrated ability to effectively interact with employees, vendors, and management.
• Ability to prioritize and organize.

STANDARDS OF PERFORMANCE:

• We will be honest in all that we do.

• We will conduct ourselves in a professional, dignified manner.
• We will always treat our customers with respect.
• Must be courteous and respectfully of all customers and employees.
• We will treat co-workers, peers, and vendors with the same degree of respect and consideration we give
• our customers and expect for ourselves.
• We will maintain a cheerful positive attitude about our bank, industry, peers, customers, and supervisory
• personnel.
• Attempt to return all phone calls the same day as they are received.
• We will conduct an informal performance appraisal of all personnel reporting directly to you quarterly
• and a detailed performance review annually.
• We will see that all supervisory personnel under your supervision conduct the same type of review on
• personnel they supervise.
• We will keep confidential information confidential.