Information Security Officer
The Information Security Officer (“ISO”) is a senior-level professional responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this risk management role is to ensure the execution of Information Security directives and activities in alignment with the Bank’s Information Security Program and to remain in compliance with all Regulatory requirements.
• Demonstrates understanding of AMB’s Information Security standards and best practices. Communicates and recommends relevant updates and changes to Information Security standards and processes with the business.
• Establishes relationships with business managers and is consulted as a subject matter expert in Information Security. Influences decisions made by various Committees through recommendations and strong interpersonal skills.
• Performs ISO-related tasks across the AMB Information Security Program and ensures that deliverables are completed per applicable project timelines.
• Documents all suspected, identified, and reported security incidents (SIRTs). When needed, assists the Incident Response Team with investigation and triage tasks. Responsible for responding to security events by ordering emergency actions to protect the institution and its customers from imminent loss of information. Works with insurance companies and assists in the preparation of breach notification letters to clients, Regulators, etc., as needed. Receives and reviews Managed Security Service Provider SecurLOG alerts (i.e. Windows, firewall, intrusion detection, etc.).
• Assists in documenting corrective action plans for all Information Security-related gaps and reviews evidence prior to submitting issues for closure to ensure they meet AMB’s technical and audit requirements.
• Works with the business to manage Information Security risk by analyzing the root cause, impact, and likelihood of issues, and then supports the business in implementing corrective action plans, risk exceptions, and/or compensating controls where appropriate.
• Partners with the Chief Technology Officer to ensure vulnerability assessments are completed and issues are remediated or risks accepted in accordance with AMB’s Information Security Program.
• Reviews and recommends changes or enhancements to the IT Risk Assessment, Cybersecurity Assessment Tool, Ransomware Self-Assessment and any other policy or risk-based technology and security framework material, with a focus on overall security protection and improvement.
• As required by State or FDIC regulators, the Information Security Officer may serve as the primary point of contact for Information Security-related topics and provide Information Security deliverables during all internal and external regulatory audits and examinations.
• Assists the business in ensuring that Information Security-related audit issues, identified through internal or external audits, are addressed in a timely manner.
• Provides general Information Security awareness training to business partners on relevant current and emerging Information Security risks.
• Advises the business of the appropriate controls for safeguarding sensitive information based on AMB’s Information Security standards and the Information Security risks inherent and/or affecting the information assets.
• Participates as a member of all Committees relevant to this job description.
• Assists in the review of IS/Cyber insurance policies.
• Assists with the completion of the annual GLBA IS/IT Report.
• Assists with ongoing role-based security reviews to ensure least-privilege access is deployed across the Bank. Makes recommendations to enhance user and group security across all application platforms.
• 10+ years of relevant experience
• CISA, CISM and/or CISSP certification is desired
• Proficient in interpreting and applying policies, standards and procedures
• Consistently demonstrates clear and concise written and verbal communication
• Proven influencing and relationship management skills
• Excellent problem solving and proven analytical skills
• Reports to the Chief Internal Auditor (solid line)
• Reports to the Board of Directors (dotted line)
Education
• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred