Information Security Officer/Security Officer

Job Description

Posted on: 
September 17, 2024

Summary and company overview

The Information Security Officer/Security Officer is responsible for implementing, maintaining, monitoring, and reviewing the Bank's security controls of its business applications, business processes, third party vendors, and IT data security and controls. The qualified candidate will also be responsible for assisting with identifying, developing, and maintaining the information security metrics for the Bank, serving as the leader of the Incident Response Team, communicating effectively with all employees, customers, third party vendors, internal auditors and regulators, and taking appropriate action to reduce the overall risk to the Bank and its customers. Responsibilities may change as the needs of the department evolve. Rhinebeck Bank is an Equal Opportunity / Affirmative Action Employer.

Responsibilities

  • Assist in compliance with 23 NYCRR Section 500 and all other applicable laws and regulations.
  • Investigate security events and, if necessary, escalate to the Incident Response Team, coordinate the response, and work with General Counsel and the CRO to determine whether notification to the regulators is required.
  • Identify and communicate threat intelligence to appropriate stakeholders.
  • Review internal and external vulnerability assessments and recommend remediation actions.
  • Maintain up-to-date knowledge of security threats, vulnerabilities, and mitigation techniques and communicate it to relevant stakeholders.
  • Perform risk analyses and security assessments to identify gaps and new threats and to evaluate mitigation actions.
  • Work with the BSA Officer, BSA Analyst, the Operations Department, and the Customer Solutions Center on fraud matters related to information security.
  • Provide reporting on trends and key performance indicators for the Bank's Information and Cyber Security Program.
  • Review the patching and validation performed by the IT team to ensure it is complete.
  • Coordinate with IT to develop and maintain a ransomware response playbook.
  • Track actual cyber security expenses against expected expenses.
  • Review and recommend enhancements to the security programs of all information platforms, both physical and electronic.
  • Strong knowledge of SOC 1 and SOC 2 Type 1 or SOC 2 Type 2 reporting and review procedures.
  • Track, risk-rate, and monitor vendor cyber security incidents and performance.
  • Remain current on all BSA/AML laws and regulations and serve as backup to the BSA Officer when necessary.
  • Monitor vendors' performance: cases opened, effectiveness of resolutions, and timeliness of resolutions.
  • Maintain the operational aspect of the vendor management program.
  • Develop and implement physical security procedures, conduct security reviews, and train all employees in accordance with the provisions of the Security Plan and the Bank Protection Act.
  • Manage the relationship with the Bank's outside security firms.
  • Draft and present the annual physical Security Risk Assessment to the Board of Directors and update the security risk assessment in Nrisk.
  • Give robbery training classes to staff as necessary.
  • Provide active shooter training to staff as necessary.
  • Work with local and state police and other law enforcement as necessary.
  • Conduct bi-annual reviews of ATMs, coordinate any necessary repairs with the Facilities Department, and file the appropriate certification with the NYSDFS before January 15th and July 15th of each year.
  • Maintain alarm call lists, which are tracked via the Employee Access Matrix.
  • Assist with fire department inspections and elevator inspections.
  • Conduct monthly reviews of cameras and DVRs and coordinate any necessary repairs.
  • Review and submit for approval all vendor security invoices.
  • Testify before the Grand Jury on behalf of the Bank when necessary.
  • Maintain the Employee Access Matrix, which tracks the physical access and the software and system access of both employees and vendors, and update it when necessary.
  • Issue or disable keys, key fobs, and alarm access codes when necessary.
  • Help departments obtain and review due diligence materials on new or existing vendors when necessary.
  • Train employees to maintain and review their vendors at least annually.
  • Oversee the operational aspect of the vendor management program and escalate vendor issues as appropriate.

Job Requirements

Education & Experience:

  • Bachelor's Degree in Cybersecurity, Information Security, Computer Science, or Information Systems preferred, with 3 to 5 years of prior experience in BSA/AML, cyber security, or information security.
  • Strong knowledge of information security concepts, including audit reviews, risk assessment, incident management, data protection, patch management, and vendor management.
  • Must have experience in Verafin or the capability to learn it.
  • Knowledge of vulnerability assessments and Governance, Risk, and Compliance (GRC) tools is desirable.
  • Must have a valid driver's license.

Additional commentary

Salary Range: $100k - $120k
