ESSENTIAL DUTIES AND RESPONSIBILITIES:

Information Security Program (ISP):

• Promoting information security awareness across business units.
• Establishing and maintaining information security policies and procedures.
• Reviewing audit logs, events, reports, and alerts, formulating responses with thoroughly evidenced and well-reasoned discussion of appropriate resolution.
• Monitoring and reporting on patch and vulnerability management strategies.
• Identifying areas of non-compliance or risk and presenting recommendations for remediation.
• Participating in systems and controls risk assessments.
• Managing the social engineering awareness program, including suspicious message review, periodic training and testing deployment, and reporting functions.

Third Party Risk Management (TPRM) Program:

• Participating in the active management and oversight of the TPRM lifecycle.
• Conducting TPRM risk assessments, proactively identifying and addressing potential 3rd and 4th party risks.
• Collecting and reviewing documentation associated with third party relationships.
• Completing comprehensive written evaluations of vendor provided documentation.
• Ensuring timely completion of oversight tasks in alignment with established requirements.
• Contributing to TPRM policy and procedure development, ensuring compliance with laws, regulations, and industry best practices.
• Providing regular progress reports.

QUALIFICATIONS AND REQUIREMENTS:

• Bachelor's degree in information technology or related field, or equivalent relevant work experience. Related professional certifications will also be considered.
• Minimum 5 years’ information security related experience, preferably in a financial institution setting.
• Excellent written and verbal communication skills including the ability to conduct thorough, documented research and present findings clearly and comprehensively.
• Strong analytical and critical thinking capabilities.
• Strong work ethic and ability to achieve individual results within a team environment.
• Ability to work independently and manage multiple concurrent tasks while meeting deadlines.

WORK ENVIRONMENT: We offer a hybrid schedule, with 3 days in office and 2 days remote after the initial 90-day period.

CFG Bank is an Equal Opportunity Employer. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other legally protected characteristic. We are committed to ensuring a diverse and inclusive workplace, and all employment decisions are based on merit, qualifications, and business needs. If you require accommodations during the application process, please contact Human Resources.