American Savings Bank
Information Security Risk Program Manager
at American Savings Bank
The Information Security Risk Program Manager leads the team to identify information security risks, improve information security awareness, education and training, and implement the Information Security program. Supports the company's information security program to ensure that information security standards, practices, & controls are in place to adequately mitigate risk to the Bank.
- Works with IT and internal operations to ensure the safeguarding of all confidential, proprietary, privileged, and protected information assets, including customer data. Monitors essential processes to ensure compliance with policies, standards, practices and guidelines. Assists with information security compliance with applicable laws and regulations, regulatory requirements and Bank policies and procedures, including but not limited to GLBA, FACTA, PCI DSS, Anti-Money Laundering laws and regulations, the Bank Secrecy Act and the USA PATRIOT Act.
- Develops and performs information security and vulnerability assessments, testing applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; performs risk analysis and recommends remediation for deficiencies. Tracks and reassesses remediation(s) to ensure compliance with policies and operational standards.
- Leads Information Security risk management activities, including information security risk assessment and vendor reviews, and manages the remediation of identified gaps and issues.
- Provides reporting and measurements of program effectiveness and provides analysis to senior management.
- Ensures technical enforcement of internal security policies to maintain the integrity of the networks, systems and applications utilized throughout the organization, including the functionality of user access controls.
- Develops and conducts bank-wide and departmental information security training. Maintains current knowledge of evolving information security risks, particularly cyber security, new and evolving trends in mitigation tools, and changes to security regulations affecting financial institutions.
- Recommends, maintains, develops, and revises all information security governance documentation.
- Acts as a subject matter expert for information security with respect to Technology, Enterprise Risk, and other related teams across the bank.
- Builds and matures a culture focused on the proactive awareness and improvement of the risk environment.
- Ensures work performed is compliant with all banking laws and regulations relevant to data security.
- College (4-year degree) in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience.
- 10 years of direct experience in developing information security programs and assessing the effectiveness of such programs, preferably within a financial services organization.
- 5 years of experience leading information security risk assessments and vendor risk management programs, developing information security awareness and education programs, managing information technology or security projects, and working with Sarbanes-Oxley, Federal Financial Institutions Examination Council, and Gramm-Leach-Bliley Act requirements.
- Possesses good working knowledge of security principles, risk assessment policies and standards; demonstrates solid understanding of security best practices, products and technologies, including wireless security and virtualized security.
- Possesses a solid understanding of Federal and state laws/regulations relating to information safeguards and controls, including standards such as those published by the National Institute of Standards & Technology (NIST). Knowledge of the Federal Financial Institutions Examination Council (FFIEC) and section 501(b) of the Gramm-Leach-Bliley Act is a plus.
- Demonstrates strong written, verbal, and interpersonal skills to effectively communicate complex IT security concepts to a diverse audience.
- Demonstrates in-depth analytical skills, including the ability to consolidate broad data sets from multiple sources, both internal and external, to identify patterns and/or risk factors.
- Must be self-motivated with a strong willingness to learn in a hands-on learning environment. Critical thinker with the ability to research, develop and communicate solutions to detect security incidents in a timely manner.
- Demonstrated experience in the areas of continuous monitoring, vulnerability management, Incident Response, Security Operations Center, malware analysis and/or reverse engineering is a plus.
- Current certification in one or more of the following is preferred: (ISC)2 CISSP or CCFP, ISACA CISA, ISACA CISM, SANS GIAC, EC-Council ECIH, or EC-Council CHFI.
- One (or more) of the aforementioned information security certifications is preferred, or must be obtained within 6 months of hire.