• Responsible for the ongoing management of the Information Security Program which includes information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all the organization.
• Development and maintenance of policies related to security (Infrastructure/Applications), network architecture, monitoring, and entitlement.
• ISO will approve all requests for access to information technology, applications, and systems in addition to approving all changes or removals of access.
• Lead all Incident Response activity and will be responsible for coordinating with Law Enforcement as appropriate, provide recommendations to Executive Management on the best course of action, and oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Responsible for all physical security for the bank, including burglar and fire alarm systems, video recording systems, guard services, etc. are all part of the scope of physical security managing the systems and vendor relationships associated with this area.
• The ISO is responsible for security audit and continuous monitoring of the IT Security Control environment.
• The ISO will oversee compliance with Annual Execution of the BIA/BCM updates, review, and testing and will report to Executive Management the status of these activities. The ISO will be responsible for coordinating the annual BCM testing and will review and approve all scenarios that will be used for the plan.
• Responsible for approving all change management requests involving Infrastructure, applications, middleware, telecommunications, etc., that impact the security posture of the organization.
• Recommends information security strategies, policies, and procedures by evaluating organization outcomes; identifying problems; evaluating trends; anticipating requirements.
• Provide vendor security evaluation and due diligence prior to vendor selection and routinely evaluate the effectiveness of controls after vendors and service providers initiate service.
• Collaborate with management in the strategic planning of information security policies and procedures. Work with management, department heads, the CIO, Compliance Officer, Risk Management, Human Resources, etc., to ensure compliance with the security and privacy regulations and state and federal laws protecting customer confidentiality and privacy.
• Revise the security program as necessary to comply with changes in the law, regulations, professional ethics, and as necessary because of changes in business operations.
• Responsible for providing training to employees on security policies, GLBA, and other topics and prepare papers/articles on good security practices.
• Maintain awareness of changes in security risks, security measures, and computer systems.
• Ensures completeness and accuracy of inventory of all IT systems and IT controls. The inventory should include detailed descriptions as well as diagrams to show the physical and logical placement of systems and controls, and must maintain compliance with regulatory requirements.
• Routinely monitor, evaluate and periodically test IT controls deployed at the bank such as:
• Intrusion Detection Systems (IDS) and incident response, including preparation of detailed analysis reports and incident response documentation
• Firewalls
• Server log data to correlate with known and potential security vulnerabilities and integrity issues
• Patch management
• Responsible for completing annual training program assigned.
• Performs other functions and/or duties as assigned.

Required Qualifications:

• Education: Bachelor’s Degree in Information Technology or equivalent work experience.
• Experience: Ten (10) years of experience in the Banking industry in the Information Security unit.
• Proficient and advanced computer skills including but not limited to proficiency in Microsoft Office (Word, Excel, Power Point, etc.)
• Must be bilingual in both English and Spanish. Ability to fluently speak, understand, read, and write both languages.
• Strong verbal and written communication skills, ability to communicate at all levels of the organization.
• Strong attention to detail and accuracy.
• Knowledge of the bank’s system and processing activities.
• Experience in Management of both physical and logical information security systems.
• Strong analytical skills in order to detect and identify weaknesses in the bank’s systems and the ability to identify the root cause of the weakness.
• Strong technical skills (application and operating system hardening, vulnerability, assessment, security audits, TCP/IP, Intrusion detection, firewalls, etc.
• Strong presentation skills to various levels of the organization.
• Strong knowledge of Banking Regulations compliance, and bank security rules and regulations.
• Ability to multi-task, with strong organization, time-management and prioritizing skills.
• Strong customer service skills, ensuring satisfaction of both internal and external customers.
• Ability to work and complete tasks producing high-quality results within a fast-paced environment.

Benefits

• Competitive base salary.
• PTO
• Hybrid Work Model (remote and on-site work)
• Tuition Reimbursement.
• Paid Parental Leave
• Medical, Dental, Vision
• 401k
• Life Insurance
• Supplemental Insurances
• Short-Term & Long-Term Disability