Information Security Officer

Orange Bank and Trust Company

Middletown, NY

JOB DETAILS
SKILLS
Analysis Skills, Business Processes, CCSP - Cisco Certified Security Professional, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Computer Science, Computer Security, Federal Laws and Regulations, Financial Services, Gap Analysis, Human Resources, ISO (International Organization for Standardization), Information Assets, Information/Data Security (InfoSec), Internet Security, Maintain Compliance, Office Equipment, Outsourcing, Presentation/Verbal Skills, Program Evaluation, Protective Services, Regulatory Compliance, Risk Management, Security Analysis, Security Monitoring, State Laws and Regulations, Technical Leadership, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Middletown, NY
POSTED
2 days ago

General Summary:

The Information Security Officer (ISO) acts as an advisor to Management in the development, execution, and ongoing refinement of the Bank's Information and Cyber Security Program. The ISO is responsible for assisting with the mitigation of information and cyber security risks, maintaining ongoing regulatory compliance, and ensuring that risks associated with the Bank's information assets and critical business processes are effectively managed. The role requires an appropriate level of independence while maintaining close collaboration with senior management, technology leadership, and the Board of Directors.

Essential Duties and Job Responsibilities:

  • Serve as the primary advisor to Management on information and cyber security risk management and compliance.
  • Enhance and maintain the Bank's cyber security technology suite.
  • Ensure regulatory compliance and drive gap analysis and remediation efforts.
  • Execute information and cyber security initiatives as directed by the Cybersecurity Management Committee.
  • Monitor federal and state regulatory changes and ensure program compliance.
  • Identify and oversee remediation of security exposures and control gaps.
  • Assist with development of security incident reports and post-incident analysis.
  • Evaluate and approve outsourced security services.
  • Maintain independence and escalate concerns to senior management and the Board.
  • Monitor program effectiveness and report to the Technology Committee and Board.
  • Review internal and third-party security assessments.
  • Monitor threat intelligence and emerging cyber risks.

EDUCATION, CERTIFICATION, AND EXPERIENCE

Required Education:

  • Bachelor's degree in information security, Computer Science, or related field
  • Experience in information security and regulatory compliance within financial services.
  • Professional certifications such as CISSP, CISM, CCSP

Preferred Education:

  • Knowledge of FFIEC, NY DFS, and NIST frameworks
  • Experience in information security and regulatory compliance within financial services.

Work Related Experience:

Required: Minimum of 8+ years Information Security and practical hands-on experience

Preferred: 10+ years of Information Security within Financial Services

KNOWLEDGE, SKILLS, AND ABILITIES

Strong understanding of security governance and risk management. Excellent communication and presentation skills. Ability to exercise independent judgment. Strong organizational and analytical skills.

WORK ENVIRONMENT:

  1. Flexibility to work additional hours including nights, weekends and holidays, as required.

  2. Typically, the noise level in the work environment is low to moderate.

  3. Will have a high volume of interactions in person and over the telephone.

  4. Fast-paced environment.

  5. May experience occasional job stress in response to job demands.

PHYSICAL DEMANDS:

  1. Frequently required to sit for prolonged periods of time.

  2. Frequently required to skillfully operate a computer, telephone and other standard office equipment.

  3. Travel between all locations of the bank.

  4. Occasionally travel outside of work location to attend meetings and training programs.

  5. Occasionally lift and/or move up to 20 pounds or more.

Special Note:

External and internal applicants, as well as position incumbents, must be able to perform the essential job functions as set forth above. Orange Bank and Trust Company is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of age, sex, sexual orientation, race, color, creed, religion, ethnicity, national origin, alienage or citizenship, disability, marital status, military or veteran status or any other legally-recognized protected basis under federal, state or local laws, regulations or ordinances.

Upon request, individuals with disabilities may be entitled to reasonable accommodation. Reasonable accommodation is a change in the way things are normally done that will ensure an equal employment opportunity without imposing an undue hardship on the bank. Please inform the Human Resources Department if you need assistance completing any forms or to otherwise participate in the application process or, at the appropriate time, to perform the essential functions of the job.

This job description in no way states or implies that these are the only duties to be performed by an employee. Additional functions and requirements may be assigned by supervisors as deemed appropriate, based on the employee's knowledge, skill and ability as well as his/her mental and physical abilities.

About the Company

O

Orange Bank and Trust Company