BuffaloRecruiter Since 2001
the smart solution for Buffalo jobs

Chief Information Security Officer

Company: Five Star Bank
Location: Buffalo
Posted on: May 28, 2023

Job Description:

Position Title: Chief Information Security Officer
Reports To: Chief Risk Officer
Department: Information Security
FLSA Status: Exempt
Purpose: The Chief Information Security Officer ("CISO") is responsible and accountable for overseeing and reporting on the management and mitigation of information security risks across the organization, and is accountable for the results of this oversight and reporting. The CISO is responsible for the strategy, execution and administration of the overall organizational information security and cybersecurity programs. The CISO is required to drive change, think pragmatically, support better practices across the organization and help to build out a more robust platform for growth. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization and to ensure that information assets are adequately protected. This position also ensures that the Company complies with statutory and regulatory requirements regarding information access, security, and privacy, among others.
Supervisory Responsibilities:
Degree of Supervision Received: Minimal
Supervision Received (title): Chief Risk Officer
Degree of Supervision Given: Moderate
Supervision Given to (Titles): Information Security Analyst(s); Sr. Information Security and Compliance Analyst(s); Sr. Information Security Systems Engineer(s)

Essential Functions:
  • Responsible for the update and implementation of the Information Security Program and associated policies, including the disaster recovery and incident response plan in accordance with state and federal guidance and regulatory requirements.
  • Works closely with business managers and information technology to facilitate risk assessment and ongoing and evolving risk management processes to meet changing external threats as well as internal business initiatives. The CISO must possess a "solution mindset" to successfully support bank projects and initiatives.
  • Develops, implements, and monitors a strategic, comprehensive enterprise information security and IT risk management program
  • Develops Information Security Strategic Plan
  • Develops/enhances and successfully implements the annual Information Security Framework
  • Acts as the subject matter expert for the Company and is responsible for ensuring compliance with regulations related to information/cyber security. Serves as the Company's contact for external auditors, agencies, and third parties on information security matters.
  • Develops and implements ongoing risk assessments, including the Federal Financial Institutions Examination Council (FFIEC) Cyber Security maturity and inherent risk profile assessments.
  • Communicates updates to Management and the Board of Directors regarding Department initiatives, results, and current cyber threat landscape.
  • Responsible for ensuring the proper training and awareness for employees and the Board of Directors on cyber security threats, controls and internal policies. Ensures that commercial customers have access to cyber security training annually.
  • Collaborates with Information Technology on the selection and implementation strategy of corporate information security technology including monitoring and reviewing the output of these resources, identifying vulnerabilities, breaches, data leakage and opportunities for added protection.
  • Evaluates vendor due diligence reviews as part of the Vendor Management Program. Evaluates the information security posture of new and potential vendors.
  • Oversees the monitoring of internal control systems to ensure that appropriate access levels are maintained. Reports on information security issues related to systems, users, and workflows to ensure controls are appropriate and operating as intended.
  • Manages performance of direct reports and provides ongoing coaching, development, and training opportunities to ensure staff has the skills and resources to be successful. Responsible for timely completion of performance evaluations of assigned staff.
  • Demonstrates the standards and principles of the Five Star Bank experience in every interaction with internal and external customers and associates. Incorporates the high-performance behaviors of teamwork, leading by example and service in every facet of work.

Job Related Qualifications - Education and Prior Experience:
Required:
  • Education: Bachelor's Degree in Computer Science, Information Systems, or related field
  • Prior Experience: 12+ years of Information Security experience leading key information security staff and programs (preferably in banking)
  • Licenses or Accreditation: One or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or SANS Global Information Assurance Certification (GIAC), CCSP (Certified Cloud Security Professional) and/or SSCP (Systems Security Certified Practitioner)
-OR-
Required:
  • Education: Master's Degree in Computer Science, Information Systems, or related field
  • Prior Experience: 7+ years of Information Security experience
  • Licenses or Accreditation: One or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or SANS Global Information Assurance Certification (GIAC), CCSP (Certified Cloud Security Professional) and/or SSCP (Systems Security Certified Practitioner)
Preferred:
  • Education: Master's Degree in Computer Science, Information Systems, or related field
  • Prior Experience: 10+ years of progressive experience in computing and information security, policy development, program administration, and compliance activities. Progressive supervisory experience.
  • Licenses or Accreditation: Two or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or SANS Global Information Assurance Certification (GIAC), CCSP (Certified Cloud Security Professional) and/or SSCP (Systems Security Certified Practitioner)
Competencies:
  • Strong analytical and problem-solving skills
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff
  • Ability to identify information security risks and provide recommendations for risk mitigation
  • Strong organizational skills with the ability to multitask and prioritize in demanding or stressful situations to meet assigned deadlines with minimal supervision
  • Experience with secure software development practices and cloud security controls
  • Experience with AWS, GCP and Azure DevOps enablement/migration
  • Proven understanding of SIEM, DLP, WAF, IPS and firewalls
  • Proficient with information security frameworks such as ISO/IEC 27001, National Institute of Standards and Technology (NIST), SANS Institute, Control Objectives for Information and Related Technology (COBIT), and Federal Financial Institutions Examination Council (FFIEC) guidelines.
  • Possess a strong knowledge of security systems and vulnerability assessments, firewalls, Network Intrusion Detection Systems (NIDS), Host Intrusion Detection Systems (HIDS), etc.
  • Experience with Cloud computing/Elastic computing across virtualized environments

Physical Requirements:
  • Able to regularly sit for prolonged periods of time.
  • Extensive computer usage is required.
  • Ability to work occasional evenings and weekends.

This job description is not exhaustive. The Chief Information Security Officer may be required to perform other duties as assigned.

Keywords: Five Star Bank, Buffalo, Chief Information Security Officer, Executive, Buffalo, New York
