Information Security Officer
Service Specialists recruiting agency is seeking an Information Security Officer (ISO) for a growing bank in Hattiesburg. This individual is responsible for the development and delivery of a comprehensive information security and privacy program. The purpose of the program is to assure that information created, acquired, or maintained by the bank and its authorized users is used in accordance with its intended purpose; to protect information and its infrastructure from external and internal threats; and to assure that Grand Bank complies with statutory and regulatory requirements regarding information access, security, and privacy. The Information Security Officer’s primary goals are to protect the confidentiality, integrity, and availability of information, and maintain the technical mechanisms of legitimate access to it.
PRIMARY DUTIES:
- Create and maintain the Bank Information Security Program, to be presented annually to the Risk Committee along with a security overview, as well as standards and procedures.
- Provides leadership, vision, and direction to the organization on all aspects of Information Security.
- Manages the development and implementation of Information Security policy, procedures, standards, and guidelines to ensure information assets and supporting technologies are secure and protected appropriately. Make recommendations for improvements and implement corrective measures to ensure compliance.
- Oversee the dissemination of Information Security policies, standards, and procedures throughout the organization.
- Coordinate the development and delivery of education and training programs on information security and privacy matters for employees and customers.
- Participate in, lead, and coordinate Information Security risk assessments and audits of the IT infrastructure to ensure consistency of equipment and user practices.
- Analyze, recommend, and apply technology solutions which meet the Information Security control requirements specified by FFIEC and NIST guidance.
- Works with internal and external parties as appropriate to conduct periodic penetration testing activities, security assessments and Information Security audits.
- In conjunction with the Information Technology function, oversee and manage FDIC/State/Internal audit activities, including the preparation of requested documentation for audits, coordination of personnel and oversight of Information Security, and audit findings related to Information Technology.
- Develop and implement an incident reporting process to address security breaches and respond to alleged policy violations or complaints.
- In conjunction with department heads, perform periodic user access reviews and administrative activity reviews to ensure compliance.
- Manage the bank's formal Vendor Management program. Develop, maintain, and revise as needed Vendor Management policies, procedures, and forms.
- In conjunction with vendor owners, conduct vendor risk assessments and provide support for periodic review of SSAE16 and SAS70 user considerations.
- Maintain continuous knowledge of security and policy legislation, regulations, advisories, alerts, and vulnerabilities.
- Partner with Information Technology to develop a comprehensive business continuity plan; take ownership of the process of enhancing and testing the plan on a regular and ongoing basis.
- Back up other Information Technology department functions as required.
- Bachelor's degree in computer science or related technical field or a combination of equivalent education preferred.
- Current industry standard Cybersecurity certifications required.
- Current industry standard Information Technology certifications preferred.
- Minimum of 3-5 years of cybersecurity operations experience required.
- Previous knowledge and experience with SOX, HIPAA, GLBA, and PCI preferred.
- Excellent oral and written communication skills.
- Experience working in or managing information security / cybersecurity departments in a heavily regulated environment required.