Position Overview
The goal of the Information Security Officer is to ensure that each functional area of the Bank achieves and maintains an adequate level of compliance with all applicable laws, rules and regulations, in order to protect the interests of the Bank and prevent fines, penalties or other regulatory sanctions, as well as reduce exposure to risk and potential litigation. This includes ensuring the Bank has industry standard controls to protect the confidentiality, integrity and availability of information owned, controlled or processed by the Bank.
• Develop, implement, and maintain the bank’s information security program in alignment with industry standards and regulatory requirements (e.g., GLBA, FFIEC, NIST, ISO 27001).
• Annual director and staff InfoSec training.
• Annual policy review/update.
• Annual user access reviews.
• Oversight of the incident response program.
• Liaise between the IT Team and Compliance, Audit, Legal and HR management.
• Work directly with the business units to facilitate IT risk analysis and risk management.
• Process, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
• Participate in IT-related management committees in an advisory and leadership role.
• Oversight/tracking of audit/regulatory findings/corrective actions related to InfoSec.
• Administration of quarterly penetration testing, i.e. oversight of the vendor; follow-up.
• Administration of the quarterly phishing test program.
• Perform daily, weekly, monthly reviews of user activity.
• Produce periodic reports to the Board and senior level committees on the current state of the Information Security program.
• Assist in the development and execution of comprehensive Bank-wide risk management and compliance programs.
• Develop and maintain written risk management and compliance policies and procedures.
• Maintain a current awareness of the regulatory environment and a working knowledge of state and federal laws and regulations.
• Assist or partner with third-party or internal audits/reviews of the adequacy and effectiveness of the Bank’s internal controls and operating procedures with respect to applicable laws and regulations and adherence to the Bank’s risk management and compliance policies.
• Analyze and evaluate audit findings, and, if appropriate, assist in initiating changes in the Bank’s policies, procedures, and control systems for compliance and risk management.
• Lead investigations of security incidents and breaches, providing recommendations for corrective actions and reporting findings to senior management.
• Research Information Security issues and questions and provide interpretations or clarifications to employees or auditors.
• Participate in the development of new products and services to ensure proper controls for the confidentiality, integrity and availability of data and systems.
• Set priorities while working independently on multiple concurrent projects without direct supervision.
• Continuously assess and enhance the bank’s security program to address evolving cyber threats and changes in regulatory requirements.
• Work in a cross-functional team environment and interact with senior risk management staff, line of business management, Internal Audit, Legal, Compliance personnel, and all levels of Bank staff.
• Demonstrate a willingness to be a contributing and engaged member of the team by sharing knowledge, working towards common goals and maintaining a positive attitude.
• Acts as a cultural ambassador to internal and external clients, providing a professional, exceptional, and supportive experience with each interaction.
Minimum Qualifications
• 8 years of financial services experience
• 8 years of information security, IT/IS auditing, IT/IS risk management and/or IT/IS bank management experience
• 4-year Undergraduate Degree (e.g., BS or BA) or equivalent combination of education and experience
• Knowledge of banking laws or regulations, constructing bank policies, generally accepted operating procedures, and internal controls.
• Advanced communication skills, with the ability to communicate effectively at all levels of the Bank.
• Strong analytical and planning skills, critical-perceptive judgement, and creativity in identifying and solving complex issues.
• Proficient in Microsoft Office suite.
Preferred Qualifications
• CISSP, CISM, CompTIA Security+, or other security/technical certifications.
• Self-motivated with action and results delivery orientation; demonstrated initiative and accountability by willingness to assume additional duties other than assigned.
• Consult, facilitate and build relationships in order to foster partnership, collaboration & teamwork across all levels of the organization.
• Works independently and with others to identify issues and develop solutions.
• Demonstrates strong interpersonal and written/verbal communication (listening, confidence, professionalism, persuasion) with individuals across all levels of the organization.
• Resourceful and flexible with regard to shifting priorities, new demands and challenges.
Our Way
Preserve and enhance our culture in which the values of honesty, integrity, confidentiality, trust and respect are the underlying principles by which we work
Make a meaningful difference in our community through our service and financial support
Maintain a safe and sound institution that operates in conformity with the spirit as well as the letter of all applicable laws, rules and regulations, and to maintain open and forthright communication with our regulators
Benefits
You will have the opportunity to participate, subject to the terms and conditions of the respective plans, in a comprehensive package of benefits. As a highlight:
• Eligibility for health, dental, vision, life and disability insurance coverages
• Retirement Plan - 401k with matching
• ESOP - Employee Stock Ownership Plan
• Time away from work – vacation time, sick time and holidays
• Paid parental leave
• Tuition Assistance
• Professional development opportunities
THE BANK OF TAMPA IS AN EQUAL OPPORTUNITY EMPLOYER
A DRUG FREE WORKPLACE
E-VERIFY EMPLOYER