Information Security Officer

The Opportunity

The Information Security Officer is responsible for developing, implementing, updating, communicating and managing the Bank's Information Security Program and Policies to ensure that adequate security controls are in place to protect the confidentiality, integrity, and availability of information systems. The ISO is also responsible for proactive planning, trend analysis and reporting, and supervised Board communications related to risks and trends. This position will be based in Bryn Mawr, PA.

Responsibilities:

- Develop and maintain Information Security Policies to provide an efficient, effective and up-to-date risk management environment in support of corporate goals.
- Oversee the user application access documentation with information owners for approval.
- Identify and assess the impact of exceptions between the implemented level of security tolerances and Bryn Mawr Trust's Information Security programs and policies.
- Partner with other parts of the organization, especially IT, in ensuring sound Information Security policies and practices are in place and operating as intended.
- Conduct information security risk assessments/reviews for presentation to the Board of Directors.
- Translate data into themes and recommendations for consideration by executive leadership and the Board of Directors, and create presentations for executive leadership and the Board.
- Distribute periodic reports to LOB management about security alerts that have occurred within their organization.
- Evaluate effectiveness of security tools and testing methods, including but not limited to SOX controls related to information security.
- Work with IT to design and develop systems that monitor system security and provide management reports to protect and ensure the safety of the Bank's information assets.
- Monitor the alert output from security tools; ensure that IT security engineers review and resolve alerts.
- Verify that information security controls around user access, change management, systems' access and utilization are working as intended through the use of daily monitoring tools, and provide reports to management.
- Interact and liaise with internal and external auditors and bank examiners regarding the Bank's Information Security Programs, including the procurement of information security related documents and reports.

Requirements:

- Minimum of seven years of experience in information security, information technology, or a related field, with specific experience in administering an information security program.
- Proven track record of results in Information Security, preferably complemented with IT Risk Management and IT Audit; Operational Security experience also a plus.
- Relevant education in Information Security Management and substantial knowledge of Information Security Standards and regulations (ISO27001/2, HIPAA, FPS, ISF Standards of Good Practice) required.
- CISM, CISSP and CISA certifications required.
- Working knowledge of, and experience in, the policy and regulatory environment of information security and business continuity planning.
- Excellent planning, project management, and organizational skills.
- An excellent communicator, verbally and in writing, with well-developed influential negotiation and persuasion skills.
- Demonstrated proficiency with computer programs and applications.
- Exceptional analytical skills and proven track record for being able to troubleshoot and prioritize needs.
- Demonstrated track record of continuous learning about banking security, cyber-attacks and information system security in general.
- Ability to multi-task and run multiple projects concurrently while meeting deadlines; must be calm under pressure and competing priorities.
- Experience in a team environment - must work well with a variety of backgrounds and experience levels, internal associates and external vendors, regulators and law enforcement.

Salary Range: NA
Minimum Qualification
8 - 10 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons, such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check, use the money for any of these reasons, and then send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.