Responsible for working with senior management and the IT Steering Committee to test, document, evaluate, make recommendations, and offer solutions for improving internal controls as they relate to Information Security throughout the organization. Assess information security policies and supporting processes, and help ensure IT compliance with regulatory requirements. This position requires communication and collaboration with management and auditors.
Essential Functions and Duties:
- Evaluate the Information Security Program including recommending updates to existing policies and procedures to help ensure they are in accordance with established industry practice and compliant with federal and state regulations.
- Coordinate internal/external IT audits and assessments. Organize, track, and ensure the remediation of IT audit or assessment findings and recommendations.
- Utilize the prevailing cybersecurity examination tool and perform ongoing assessments to ensure that information is adequately safeguarded. Validate that the Information Security Program continues to mature.
- Review vendor IT documentation and audits to validate that all vendors comply with internal information security policies and applicable regulations. Provide related summaries to the VP of IT. Ensure the Risk Management Committee is involved in approving any significant documentation exceptions to the Vendor Management Program.
- Periodically audit IT solutions, systems, configurations, user access controls, and settings to ensure compliance with established policy and guidelines. Report anomalies to senior management and the IT Steering Committee.
- Recommend content for the cyber security training program. Review analytics, responses, and results for training administered to evaluate the effectiveness of the program. Ensure that the assignment and tracking of training recommended is coordinated through Human Resources personnel. Prepare periodic reporting to the Risk Management Committee of the findings and communicate the effectiveness of the program.
- Develop and maintain the Business Continuity and Incident Response plans, and coordinate their implementation with the organization and its business lines.
- Coordinate the testing of the Business Continuity and Incident Response plans. Organize, track, and ensure compliance with established policy, procedures, and guidelines. Report anomalies to senior management and applicable committees.
- Report any information security incident to the VP of Risk & Compliance and VP of IT immediately. Assist with coordination and documentation of the response to an information security incident according to established policies and procedures, as requested.
- Perform other related duties as requested by the supervisor.
Qualifications and Requirements:
- Bachelor's Degree in an Information Technology field, or a minimum of 7 years of related work experience.
- The position requires a high level of technical knowledge and experience in network architecture, design, configuration, and implementation.
- Candidates should have in-depth knowledge of network routing, firewalls, intrusion detection systems, internet filtering, anti-virus technology, application security, secure email gateways, and PCI- and GLBA-compliant environments.
- Candidates who maintain the Certified Information Systems Auditor (CISA) designation and/or the Certified Information Systems Security Professional (CISSP) designation are preferred.
- Strong organization, time management, and communication skills are required. Must be comfortable writing technical documentation.