Chief Information Security Officer
Company: Five Star Bank
Location: Buffalo
Posted on: May 28, 2023
Job Description:
Position Title: Chief Information Security Officer
Reports To: Chief Risk Officer
Department: Information Security
FLSA Status: Exempt
Purpose: The Chief Information Security Officer ("CISO") is
responsible and accountable for overseeing and reporting on the
management and mitigation of information security risks across the
organization and is accountable for the results of this oversight
and report. The CISO is responsible for the strategy, execution and
administration of the overall organizational information security
and cybersecurity programs. The CISO is required to drive change,
think pragmatically, support better practices across the
organization and help to build out a more robust platform for
growth. A key element of the CISO's role is working with executive
management to determine acceptable levels of risk for the
organization and to ensure that information assets are adequately
protected. This position also ensures that the Company complies
with statutory and regulatory requirements regarding information
access, security, and privacy, among others.
Supervisory Responsibilities:
- Degree of Supervision Received: Minimal
- Supervision Received From (Title): Chief Risk Officer
- Degree of Supervision Given: Moderate
- Supervision Given To (Titles): Information Security Analyst(s);
Sr. Information Security and Compliance Analyst(s); Sr. Information
Security Systems Engineer(s)
Essential Functions:
- Responsible for the update and implementation of the
Information Security Program and associated policies, including the
disaster recovery and incident response plan in accordance with
state and federal guidance and regulatory requirements.
- Works closely with business managers and information technology
to facilitate risk assessment and ongoing and evolving risk
management processes to meet changing external threats as well as
internal business initiatives. The CISO must possess a "solution
mindset" to successfully support bank projects and initiatives.
- Develops, implements, and monitors a strategic, comprehensive
enterprise information security and IT risk management program.
- Develops the Information Security Strategic Plan.
- Develops/enhances and successfully implements the annual
Information Security Framework.
- Acts as the subject matter expert for the Company and is
responsible for ensuring compliance with regulations related to
information/cyber security. Serves as the Company's contact for
external auditors, agencies, and third parties on information
security matters.
- Develops and implements ongoing risk assessments, including the
Federal Financial Institutions Examination Council (FFIEC) Cyber
Security maturity and inherent risk profile assessments.
- Communicates updates to Management and the Board of Directors
regarding Department initiatives, results, and the current cyber threat
landscape.
- Responsible for ensuring the proper training and awareness for
employees and the Board of Directors on cyber security threats,
controls and internal policies. Ensures that commercial customers
have access to cyber security training annually.
- Collaborates with Information Technology on the selection and
implementation strategy of corporate information security
technology including monitoring and reviewing the output of these
resources, identifying vulnerabilities, breaches, data leakage and
opportunities for added protection.
- Evaluates vendor due diligence reviews as part of the Vendor
Management Program. Evaluates the information security posture of
new and potential vendors.
- Oversees the monitoring of internal control systems to ensure
that appropriate access levels are maintained. Reports on
information security issues related to systems, users, and
workflows to ensure controls are appropriate and operating as
intended.
- Manages performance of direct reports and provides ongoing
coaching, development, and training opportunities to ensure staff
has the skills and resources to be successful. Responsible for
timely completion of performance evaluations of assigned
staff.
- Demonstrates the standards and principles of the Five Star Bank
experience in every interaction with internal and external
customers and associates. Incorporates the high-performance
behaviors of teamwork, leading by example and service in every
facet of work.
Job Related Qualifications - Education and Prior Experience:
Required:
- Education: Bachelor's Degree in Computer Science, Information
Systems, or related field
- Prior Experience:
- 12+ years of Information Security experience leading key
information security staff and programs (preferably in
banking)
- Licenses or Accreditation: One or more of the following:
Certified Information Systems Auditor (CISA), Certified Information
Systems Security Professional (CISSP), Certified Information
Security Manager (CISM), or SANS Global Information Assurance
Certification (GIAC), CCSP (Certified Cloud Security Professional)
and/or SSCP (Systems Security Certified Practitioner)
-OR-
Required:
- Education: Master's Degree in Computer Science, Information
Systems, or related field
- Prior Experience: 7+ years of Information Security
experience
- Licenses or Accreditation: One or more of the following:
Certified Information Systems Auditor (CISA), Certified Information
Systems Security Professional (CISSP), Certified Information
Security Manager (CISM), or SANS Global Information Assurance
Certification (GIAC), CCSP (Certified Cloud Security Professional)
and/or SSCP (Systems Security Certified Practitioner)
Preferred:
- Education: Master's Degree in Computer Science, Information
Systems, or related field
- Prior Experience: 10+ years of progressive experience in
computing and information security, policy development, program
administration, and compliance activities. Progressive supervisory
experience.
- Licenses or Accreditation: Two or more of the following:
Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), or SANS Global
Information Assurance Certification (GIAC), CCSP (Certified Cloud
Security Professional) and/or SSCP (Systems Security Certified
Practitioner)
Competencies:
- Strong analytical and problem-solving skills
- Ability to communicate technical and security related concepts
to a broad range of technical and non-technical staff
- Ability to identify information security risks and provide
recommendations for risk mitigation
- Strong organizational skills with the ability to multitask and
prioritize in demanding or stressful situations to meet assigned
deadlines with minimal supervision
- Experience with secure software development practice and cloud
security controls
- Experience with AWS, GCP and Azure DevOps
enablement/migration
- Proven understanding of SIEM, DLP, WAF, IPS and
firewalls
- Proficient with information security frameworks such as ISO/IEC
27001, National Institute of Standards and Technology (NIST), SANS
Institute, Control Objectives for Information and Related
Technology (COBIT), and Federal Financial Institutions Examination
Council (FFIEC) guidelines.
- Possess a strong knowledge of security systems and
vulnerability assessments, including firewalls, Network Intrusion Detection
Systems (NIDS), Host Intrusion Detection Systems (HIDS), etc.
- Experience with Cloud computing/Elastic computing across
virtualized environments
Physical Requirements:
- Able to regularly sit for prolonged periods of time.
- Extensive computer usage is required.
- Ability to work occasional evenings and weekends.
This job description is not exhaustive. The Chief Information
Security Officer may be required to perform other duties as
assigned.