Information Security Manager

General Responsibilities / Job Summary:

As a key member of the Risk Department, the Information Security Manager (ISM) is responsible for establishing and maintaining the bank's Information Security Program to ensure information assets and technologies are adequately protected. Tactically, the ISM is responsible for managing the day-to-day activities of the IT Security Team as well as providing technical direction for projects and audits. Strategically, the ISM will collaborate with other organizational leaders and third parties, as appropriate, to promote and advance the institution's security culture and program implementation.

Essential Functions/Duties:

1. Embrace the LINK corporate values of LIVE, INTEGRITY, NURTURE, KNOWLEDGE and infuse those values throughout the company.
2. This position requires the employee to possess a positive attitude and willingness to learn, while providing superior client services to all members of LINKBANK.
3. Manage risk with a pragmatic perspective, understanding that security is important and needs to support the success of the business.
4. Maintain and evolve Information Security Program policies, procedures, and standards, including those related to incident response (IR), business continuity (BC), and disaster recovery (DR). This will include the maintenance of playbooks and facilitation of periodic testing.
5. Oversee IT security controls, including assisting in the research, planning, and implementation of cybersecurity infrastructure, security of technologies/services, and vendors to drive process improvements, integrate automation, increase efficiency, strengthen service delivery, and improve security posture.
6. Take ownership of establishing, maintaining, and enforcing security policies and standards both within team and across the organization. Work proactively and collaboratively to achieve change management and buy-in.
7. Manage and work with the team and other responsible parties during security incidents to ensure containment, remediation, and restoration. Lead post-incident analysis and compile and convey lessons learned to applicable parties.
8. Oversee Identity and Access Management Program including timely provisioning, deprovisioning, and annual review activities.
9. Maintain a vulnerability management program and work with team members to remediate issues found.
10. Define and maintain a data governance program.
11. Conduct risk assessments including those for information/cyber security and data governance.
12. Manage, monitor, and analyze security technology outputs, including intrusion detection/prevention results, vulnerability scans, Security Information and Event Management results, etc., to identify threats, formulate strategies, and recommend improvements to mitigate threats and improve the overall environment security.
13. Oversee Information Security Committee meetings to review the metrics used to measure the strength of our security program, review trends, and discuss information security topics. As part of this, provide regular and consistent reporting on the Information Security Program status.
14. Assist in the review and risk assessment of third-party entities and solutions to support third-party risk management.
15. Participate in maintaining appropriate cybersecurity insurance, including involvement in security assessments/reviews with insurance brokers/providers.
16. Maintain and enhance the company-wide security awareness program, which may include participation in training, presentation, or report development or delivery.
17. Facilitate cooperative relationships with Auditors and Examiners to gather and provide requested information security artifacts.
18. Comply with applicable banking regulations, including GLBA, BSA, AML, OFAC, and PCI policies and procedures.
19. Other duties as assigned.

Requirements

Minimum Qualifications:

• Education/Training: Bachelor's degree in Computer Science, Cyber Security, or equivalent.

Knowledge/Skills/Abilities:

• Excellent knowledge in Information and Cyber Security practices and real-life scenarios. Up to date with the current (and future) levels of IT security, threats, vulnerabilities that could impact the banks digital and financial asset responsibilities.
• Demonstrated continuing education in relevant knowledge areas, such as participation in seminars, attendance at conferences, or review of research publications.
• Exposure to oversight of Information Security Program, with operational experience. Includes exposure to strategy development/execution, budgeting, and contract/service level agreement development or management.
• Exposure to networking and server administration.
• Demonstrated sound judgement and problem-solving skills.
• Strong project management skills and management of development, maintenance, and support teams.
• Strong verbal and written communication skills.
• Well-developed interpersonal skills.
• Proven leadership ability.

Experience: Minimum of five (5) years of experience in the Information Security field.

• Required Certification/Licenses: Active cyber-security certification from an accredited organization, such as ISC2, CISA, CompTIA, EC-Council, ISACA, GSEC, etc. Post hire certifications may be required to gain knowledge needed to stay current in field.

Travel Requirements: Ability to travel to all locations in the bank's footprint and conferences as needed.

Physical and Mental Job Requirements:

• Technical and detailed analytical work on the computer.
• Must be able to communicate effectively orally and in writing and deliver and receive information clearly, concisely, and accurately.
• Must have the visual acuity required to work at a computer terminal.
• Must have the ability to perform activities such as prepare and analyze data and figures, view computer screen, extensive reading, and report preparation.

Working Conditions:

This job operates in a professional office environment. This role routinely uses standard office equipment, such as computers, printers/copiers, phones, and postage meters.