Job Title: Director of Information Security
FLSA Status: Exempt
Department: Information Security
Hours of Operation: Monday – Friday 7:00am – 4:00pm; plus overtime as necessary.
General Job Summary:
The Director of Information Security is the most senior role in Information Security, reports directly to the Chief Risk Officer, and concurrently serves as the designated Information Security Officer (ISO) in compliance with Federal Financial Institutions Examination Council (FFIEC) guidelines. The incumbent is responsible for developing, implementing, and managing the Bank's comprehensive information security program. This role entails safeguarding the organization's information assets, ensuring regulatory compliance, and promoting a culture of security awareness throughout the institution.
Organizational Duties and Responsibilities:
Supports the mission, vision and philosophy of the Bank. Complies willingly with all organizational policies and procedures.
Supports all functions that maintain compliance with regulatory agencies.
Completes relevant annual training upon approval by the Chief Risk Officer.
Essential Duties and Responsibilities:
Strategic Leadership: Develop and execute a robust information security strategy aligned with the Bank's objectives and regulatory requirements
Regulatory Compliance: Serve as the primary liaison for FFIEC-related activities, ensuring full adherence to federal guidelines and industry standards
Information Security Oversight: Oversee the establishment and enforcement of security policies, standards, and procedures
Risk Management: Identify, assess, and mitigate information security risks through continuous monitoring and risk assessments
Policy Development: Update and maintain security policies in response to evolving threats and regulatory changes
Incident Response: Lead the incident response team in effectively managing security incidents to minimize impact and restore operations promptly
Security Architecture: Direct the design and implementation of secure network architectures and security solutions
Vendor Management: Evaluate and monitor third-party service providers to ensure compliance with the bank's security standards
Training and Awareness: Develop and administer information security training programs to educate employees on cybersecurity best practices
Audit Coordination: Collaborate with internal and external auditors, facilitating examinations and implementing recommendations
Continuous Improvement: Stay informed of the latest cybersecurity trends, threats, and regulatory developments to enhance the bank's security posture
Other Functions:
Keep abreast of changes in banking regulations, cybersecurity threats, FDIC/FFIEC standards, and privacy laws and regulations
Complete information security projects and implement new tools
Research new data security trends, keep up to date with current events and new threats in data security and participate in relevant training courses
Provide assistance to Internal Audit and regulators with IT-related requests
Lead in performing due diligence reviews of key new vendors and make meaningful recommendations on whether the new vendor meets the Bank’s data security standards
Lead in performing due diligence reviews of new products and services and make meaningful recommendations to improve data security needs
Serve as a member of the Enterprise Risk Management Committee, New Activities Risk Committee, Information Technology Steering Committee, and others as assigned
Serve as the Chair of the Information Security Risk Management Committee
Working Conditions: Office environment with some travel to enterprise locations, company-sponsored events, training, or as directed
Minimum Job Requirements:
Education:
Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field
A relevant Master's degree or MBA is preferred
Experience: Minimum of fifteen (15) years of experience in information security, including at least 3 years in a leadership role within the financial services sector
Comprehensive Skills:
Employees are expected to represent the Bank in a professional manner to customers and outside contacts
Employees must have excellent interpersonal communication skills, consisting of the ability to write and speak effectively to others
Employees must be productive team players, with the ability to learn, apply training, and comprehend policies and procedures
Employees should also be flexible to changing working situations and able to meet deadlines as they arise
Specific Skills:
Comprehensive understanding of:
FFIEC guidelines
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act (SOX)
Payment Card Industry Data Security Standard (PCI DSS)
Familiarity with cybersecurity frameworks such as:
The Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO) 27001
Other Skills:
Strong leadership and strategic planning abilities
Excellent analytical and problem-solving skills
Effective communication skills, both written and verbal, with the ability to convey complex security concepts to diverse audiences
Proficiency in information security technologies and best practices
Specialized: Familiar with cybersecurity-related systems
Licenses: Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM), and other relevant certification(s), or willingness to obtain CISSP and CISM within one year, preferred
Supervisory Responsibility:
Information Security Operations Manager
Information Security Risk Manager
Senior Information Security Analyst(s)
Information Security Analyst(s), and any other positions added within the Information Security department.
Physical requirements:
The physical demands described here are representative of those that must be met by an employee in order to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Primarily sedentary work performed in an office environment
Ability to sit for extended periods of time while working at a computer
Frequent use of hands and fingers to operate a computer, keyboard, mouse, and other office equipment
Ability to speak clearly and hear well enough to communicate with clients, team members, and vendors via phone, video, and in person
Visual acuity sufficient to read computer screens, printed documents, and financial data
Occasional standing, walking, bending, or reaching
Ability to lift and carry up to 10–15 pounds occasionally (e.g., files, office supplies)