Information Security Officer, SVP

  • Kavaliro

Job Summary

  • Location: Santa Rosa, CA
  • Job Type: Contract
  • Visa: Any Valid Visa
  • Salary: PayRate
  • Qualification: BCA
  • Experience: 2 Years - 10 Years
  • Posted: 19 Dec 2024
Job Description

The Information Security Officer (ISO) is a management position responsible for overseeing the security of client information systems, primarily as it relates to cybersecurity risks, including oversight of related services provided by a third-party IT Managed Service Provider (MSP). The ISO monitors the risks and controls related to the IT environment and, with the assistance of the MSP, safeguards information by ensuring that security risks are identified, assessed, mitigated and accurately reported. The ISO is responsible for developing information security initiatives to accommodate current and future organizational needs, including budget and strategy preparation, and for presenting matters to executive management and/or the IT Committee.


The ISO must lead with a focused vision, a commitment to open communication, providing and receiving constructive feedback, inspiring professional growth, and motivating through trustworthy and positive relationships to ensure a productive workplace environment.


Ensures compliance with all policies and procedures, as well as all applicable state and federal regulations.


Essential Duties and Responsibilities include the following. Other duties may be assigned.

  • Actively manages MSP relationship through consistent communication, follow up and escalation, including ensuring adherence to Service Level Agreements
  • Works closely with MSP to actively ensure appropriate cyber security, administrative, physical and technical safeguards are in place to protect information assets from internal and external threats
  • Develops and maintains an information security control framework in accordance with applicable security regulations, guidance, policies and standards (e.g., GLBA, FFIEC IT Examination Handbook, FDICIA, NIST, and other industry-relevant security standards)
  • Consults with senior management and IT Committee to analyze computer system needs for management information and functional operations, to determine scope and priorities of projects, and to discuss system capacity and equipment acquisitions
  • Recommends and develops plans for systems development and operations, hardware and software purchases, budget, and staffing
  • Regularly reviews the service and security metrics and takes action as needed
  • In partnership with the MSP and in-house IT personnel, manages projects pertaining to the implementation, installation, and operation of information and functional systems for the organization
  • Develops, implements, and monitors management information systems policies and controls to ensure data accuracy and security, as well as legal and regulatory compliance, and compliance with policies and procedures
  • Consults with auditors and examiners and ensures completion of remediation of relevant audit findings
  • Partners with the Information Technology Officer by providing system application and technical expertise to facilitate the development of goals, policies, standards, and procedures
  • Oversees the development and implementation of methods and tools to benchmark, analyze, standardize, simplify, automate, report on and continuously improve IT systems and processes to optimize levels of service and control costs
  • Evaluates vendor proposals for purchases of technology solutions and services to assure adherence to technical specifications and business needs
  • Develops, maintains, and tests disaster recovery plans for all systems
  • Acts as committed owner of the security incident and vulnerability management processes, including the Incident Response Plan and Business Continuity Plan in collaboration with the Information Technology Officer and MSP
  • Reports relevant information security and service metrics to IT Committee on a quarterly basis or more frequently as necessary
  • Responsible for maintenance of Information Security Policy and security awareness training for personnel
  • Serves as the Privacy Officer
  • Maintains GLBA Risk Assessment, Cyber Security Risk Assessment and other relevant risk assessments, often with the assistance of MSP
  • Assures compliance with all policies and procedures, as well as all applicable state and federal regulations
  • Serves as a member of the IT Committee; makes presentations and facilitates discussions at IT Committee meetings. Develops information security policies, budgets and strategic plans to be presented to IT Committee and/or the Board of Directors for approval


Supervisory Responsibilities:

  • The SVP, Information Security Officer directly manages the Information Security Team.
  • Responsible for overseeing the information security services provided by the MSP and holding the MSP accountable to its service commitments to the client.


Qualifications:

  • Minimum of 10 years of relevant experience, including in a 3rd party IT managed service provider environment
  • Bachelor’s degree or work experience equivalent with sufficient background in information security and business management disciplines
  • Must possess relevant professional certification(s), such as CISSP, CISSO, CISA and/or CISM
  • Experience managing projects or programs to achieve information security objectives
  • Understanding of current technology and regulatory trends affecting financial institution information security programs
  • Demonstrated ability to analyze security and technology control effectiveness
  • Ability to evaluate, analyze, and synthesize information to make decisions
  • Ability to interact with a wide range of internal staff members and external professionals, including regulators, consultants, auditors, legal counsel and others
  • Strong understanding of computer systems, networks, security, telecommunications, databases, and storage systems
  • Ability to successfully participate in and lead the execution of complex, enterprise-level projects with different teams with diverse personalities
  • Skilled at both working solo on projects and equally at working closely and collaboratively with team members, sharing out responsibilities
  • Effective analytical skills with an ability to identify issues and resolve, or identify the resources to assist in resolution
  • Able to address issues quickly. Comfortable taking on multiple, concurrent projects and working under tight deadlines to address critical issues
  • Strong organizational planning skills and understanding of project management concepts
  • Tolerant of ambiguity and the flexibility to work well in a dynamic environment with evolving priorities
  • Strong professional and technical communication skills (both written and verbal)
  • Expertise in deploying and supporting SaaS applications, especially with SAML/SSO products like Okta
  • Knowledge of administration of mobile computing products using enterprise management tools
  • Able to troubleshoot difficult and complex problems with applications
  • Comfortable and confident in speaking openly, whether with team members or executives, always leading with a positive, service-oriented attitude
  • Flexible and innovative team player with a roll-up-the-sleeves attitude and a hands-on approach
  • Ability to manage time effectively and be focused on setting and executing clear objectives and priorities
  • Commitment to excellence and high standards
  • Ability to demonstrate excellent customer service and interpersonal skills
  • Excellent communication, explanatory, writing and relationship-building skills, with an ability to prioritize, negotiate, and work with a variety of internal and external stakeholders
  • Willing to work flexible hours including evenings and weekends as the job demands and travel as required
