Information Security Officer

Information Technology Walpole, Massachusetts


Description

Information Security Officer

Walpole Co-operative Bank

Walpole, MA

 

About Walpole Co-operative Bank

Walpole Co-operative Bank is a community bank dedicated to meeting the needs of the communities we have served for the last century. Our office is located in the heart of Walpole and our focus has always been helping local people, businesses and non-profit organizations reach their goals. Our perspective is unique because it is local and hyper-focused on the specific needs of our wonderful community.  We are a high performing, financially sound independent community bank. Our commitment is to provide quality banking solutions that support the economic vitality of the individuals and businesses within the markets we serve. This commitment strengthens local communities, creating a positive impact on people’s lives.  Walpole Co-operative Bank believes in rewarding its employees for their hard work and contributions to the team.  Full-time employees enjoy a comprehensive benefits package including 401(k).

 

Position Summary

Walpole Co-operative Bank is seeking an Information Security Officer, reporting directly to the President and Chief Executive Officer.  The Information Security Officer will be responsible for planning, implementing, and maintaining information security controls to safeguard the Bank’s corporate, customer, and employee data against intentional or unintentional disclosure, modification, or destruction while ensuring the confidentiality, integrity, and availability of the Bank’s information assets.

 

Information Security Officer Job Responsibilities

  • Oversee the Information Security Program, including policies, procedures and standards while adhering to suitable information security frameworks and relevant best practices
  • Maintain effective information security and asset-based risk assessments designed to evaluate inherent risks, controls, and residual risks; ensure appropriate security controls and processes are in place to mitigate residual risks
  • Oversee the Information Security Awareness Program, including ongoing development and training
  • Maintain the Incident Response Policy and procedures, and co-leads with the Bank’s Security Officer on the Bank’s Incident Response Team, including ongoing development, training, and testing
  • In conjunction with the IT Director, maintains the Business Continuity Program, including ongoing development, training, and testing
  • Analyze current business processes and future projects to determine applicable information security and possible business continuity requirements and provide best practice recommendations
  • Maintain the Vendor Management Program, including oversight of the ongoing review of vendors and contracts
  • Establish and maintain professional relationships with employees, service providers, industry experts, regulatory agencies, and law enforcement
  • Maintain the Identity Theft/Red Flags Program, Corporate Account Takeover (CATO), including ongoing development and training , in conjunction with the Vice President, Deposit Operations Officer.
  • Monitor and evaluate applicable regulations, industry trends, and best practices; implement changes to policies, procedures, and standards when needed to ensure compliance
  • Subscribe to and participate in various information security forums hosted by industry and regulatory agencies, including the Federal Reserve’s Information Security and Cyber Threat Forum and the Massachusetts Bankers Association’s Chief Information Officer (CIO) Sessions
  • Discuss and promote various information security topics for various committees
  • Report monthly information security summaries and annual program updates to the Board of Directors, including incident response items
  • Review security-related controls and systems to ensure compliance with bank policies and procedures; follow-up on detected security issues and implements solutions to reduce security risk
  • Reviews security-related controls on a daily, weekly, and monthly basis. Logs, and reports, including those for anti-virus, email, firewall, IPS/IDS, operating system, patch, VPN, vulnerability scans, and web traffic; escalate concerns and issues of non-compliance with the Bank’s policies, procedures, and standards for potential risk mitigation or risk acceptance
  • Participate in internal and external audits and reviews applicable to information security, including information technology and privacy
  • Participate in Community Reinvestment activities; may participate in selected community or civic organizations and target and meet community needs through product development and promotion
  • Meet compliance/audit goals and objectives, as well as company strategic goals
  • Attend Board meetings, Compliance Committee, Audit Committee, Information Technology Steering Committee, and manager meetings as required

 

Information Security Officer Education, Experience, and Skills

  • Bachelor’s degree in Computer Information Systems, Information Security or a technology- related field
  • Minimum 5 years’ experience in an information security or information technology required; banking/financial service experience preferred
  • Current Certified Information Systems Security Professional (CISSP) or willingness to obtain certification is required.
  • Strong knowledge and experience in information security/asset-based risk assessments, data protection, patch/vulnerability management, architecture hardening and security (e.g., firewalls, virtualization, Windows OS)
  • Strong knowledge of regulatory bodies and regulations issued by these bodies, including the Federal Reserve Board, FFIEC, and FinCEN
  • Strong knowledge of privacy laws, such as the Gramm-Leach-Bliley Act (GLBA)
  • Experience with business continuity planning and/or vendor management is preferred
  • Experience with the Microsoft Office Suite
  • Exceptional communication skills with the ability to interact with all levels of an organization
  • Strong presentation skills; policy writing experience
  • Minimal travel may be required for attendance at seminars and/or meetings
  • Excellent interpersonal skills
  • Ability to adapt to a fast-moving threat landscape, and keep pace with new thinking and technologies
  • Efficient multitasking and time management
  • Creative thinking skills

 

Disclaimers: Applicants, as well as position incumbents, who become disabled as defined under the Americans with Disabilities Act must be able to perform the essential job functions (as listed) either unaided or with the assistance of a reasonable accommodation to be determined by management on a case by case basis. 

 

Walpole Co-operative Bank is committed to the principle of equal employment opportunity.  Applicants for employment and employees are reviewed on their individual qualifications for a position.  Under no circumstances will Walpole Co-operative Bank discriminate against qualified persons on the basis of race, color, religious creed, retaliation, national origin, ancestry, sexual orientation, gender, gender identity/expression, disability, mental illness, genetics, choice of health insurance, marital status, age, veteran status, or any other basis prohibited under applicable law.

 

 

WCB1