VP Information Security Officer

  • Full-Time
  • Newton, MA
  • The Village Bank
  • Posted 2 years ago – Accepting applications
Job Description

Position Summary:

The ISO is responsible for the design, implementation, and sustainment of the enterprise-wide information and cybersecurity architectures that will ensure the protection, availability, accessibility, accountability and auditability of Bank’s information technology assets, data, intellectual capital, and operations within the following domains:

Governance, Risk & Compliance – Established the way the Bank organizes and governs security, considers key risk & compliance measurements and monitors activities across the enterprise.

People – Understands, reviews, and recommends identity & access management processes of the Bank and how they relate to third-party relationships, the impact to external/internal users, including provisioning, authentication, and tracking mechanisms as well as segregation of duties.

Data – Understands, reviews, and recommends the security of Bank´s data management and data classification used in the organization. Reviews data security use cases around protecting sensitive non-public information across the enterprise and recommends security controls for protecting this information.

Applications – Reviews and recommends the approach for maintaining security of key applications, ensuring that development and change management approaches following best practices.

Infrastructure – Understands, reviews, and recommends improvements for the overall security of Bank technology infrastructure across end points, networks, servers, and data. This includes monitoring & management of events/alerts and logs, and the security operations capabilities to address security events and incidents.

Organization – Understands the people and roles in the Bank’s Information Technology and Security operations and how they align to the above domains as well as their ability to support Bank’s information security, cybersecurity, and IT risk programs.

Process – Oversees security related processes defined and used within the Bank as related to the above domains.

Tools & Technology – Understands, reviews, and recommends tools and technologies in order for the Bank to manage its security environment.

This is a HYBRID position. You will be required to come into the office at least 2 days a week.

*
Responsibilities: *

The ISO will be responsible, with the support of the Senior Vice President IT and ERM, for establishing and sustaining the Bank’s information security program that will include, but not be limited to the following:

  • Development, implementation, enforcement and compliance of information security and cybersecurity policies and procedures that encompasses:
  • Information Security Awareness Program
  • Cybersecurity Awareness Program
  • User Access and Control Management
  • Monitoring and Surveillance
  • IT Risk Assessments
  • Continuous Vulnerability Scanning and Remediation
  • Incident Response Management
  • Information Security and Cybersecurity Regulatory Compliance
  • Interaction with Regulatory Agencies/Examiners/Auditors
  • Privileged User management and control
  • Penetration Testing
  • Application Security
  • Account Monitoring
  • Wireless Security
  • Need to Know Access
  • Data Protection
  • Boundary Defenses
  • Network Security
  • Data Recovery
  • Network Port, Protocols, and Services
  • Malware Defense
  • Email & Web Browsing
  • Audit Log Monitoring
  • Provisioning of Hardware and Devices
  • Inventory of Authorized and Unauthorized Software & Devices
  • Responsible for regular communication to the Board of Directors regarding the status of the Information Security Program and Information Technology Risk Assessment.
  • Coordinates and implements information and cyber security operations and activities to ensure protection of IT assets while ensuring optimal use of personnel and equipment.
  • Monitors security related application alerts, notifications and reports to ensure the Village Bank environment remains secure and in compliance.
  • Participates with SVP/IT and ERM in establishing strategic plans and objectives and ensures effective achievement of objectives.
  • Provides support to Compliance and Internal Audit by:
  • Ensuring information security initiatives are understood by the business and implemented.
  • Ensuring processes implemented are documented to a sufficient standard to provide evidence for audit purposes.
  • Working with Compliance, IT, Operations, Audit, and vendors to prepare for audits and examinations and address comments or concerns identified during those audits and examinations.
  • Works closely with IT teams to support the agreed risk profile and business operations
  • Coordinates responses and assists where necessary in the preparation and collection of evidence for forensic teams.
  • Works closely with management, peers and industry counterparts to ensure alignment of Bank goals with current information and cyber security industry and regulatory trends
  • Keeps senior management apprised on the status of information and cyber security issues and initiatives.
  • Experience in developing and delivering Information/Cyber Security or other technical training.
  • Attends vendor and industry meetings, seminars and forums to identify opportunities and risks for the Bank.
  • Other related duties assigned as needed.

Supervisory Responsibilities:

Number of employees supervised: 1
Title(s) of employees supervised: Information Security Analyst

*
Experience: *

  • Bachelor’s degree in an IT related field such as computer science/information technology, information security, or networking preferred.
  • 7+ years of experience working with IT operations, information security, or IT/regulatory risk management preferably in a bank setting.
  • Certifications within information and cyber security such as CISSP, CISM, CISA, CCNE, SANS GIAC, etc. are a plus.
  • Demonstrated understanding of the regulatory and audit requirements with respect to information security and privacy issues.
  • Demonstrated knowledge of networks technologies (protocols, design concepts, access control), design, engineering, and security.
  • Demonstrated knowledge of security technologies (encryption, data protection, design, and privilege access).
  • Knowledge of modern network switching and access control technologies including traditional and next generation firewalls, IDS, wireless networking, and techniques for managing and hardening these devices.
  • Must have exceptional interpersonal, analytical and problem-solving skills.
  • Effective communication skills, both verbal and written.
  • Able to communicate security and risk-related concepts to both technical and non-technical audiences in business terms.
  • Must be a self-starter and be able to effectively multi-task.
  • Ability to travel to various work locations as needed.

Job Type: Full-time

Apply to this Job