Chelsea Groton Bank
Risk Management- Information Security Officer
Chelsea Groton Bank, Groton, Connecticut, us, 06349
Chelsea Groton Bank
is looking to hire a motivated and dynamic individual for our Risk and Compliance department. The
Information Security Officer (ISO)
is responsible for establishing and coordinating information security efforts bank wide, including managing information security monitoring, in conjunction with the Information Security Steering Committee. The Information Security Officer will work with other functions such as Technology, Compliance, Digital Banking, Enterprise Risk Management (ERM), Fraud, Operations, and Physical Security to identify, assess, mitigate, monitor, and report on information security risks. The Information Security Officer is responsible for the leadership and management of the Incident Response Team.PRIMARY ACCOUNTABILITIES/RESPONSIBILITIESWorking in conjunction with the Information Security Steering Committee, develops and maintains the company's information security program, ensuring compliance with all relevant regulations, industry standards, and best practices such as FFIEC, NIST, CIS, including strategies to monitor and address current and emerging risks. Provides internal guidance with respect to response to information security threats both internal and external. Implements the information security strategy and objectives, as approved by the Board of Trustees.Presents to the Board the annual Information Security Report, including the elements outlined in Appendix B of Part 364 Interagency Guidelines, as well as topics of information security interest.Responsible for the leadership and management of the Incident Response Team. Maintains and coordinates the Bank's Incident Response Plan and table-top exercises and supports the Bank's business continuity and disaster recovery exercises.Ensures the completion of daily reviews of various logs and reports relating to information security (e.g., COCC Security Operations Center (SOC) reports, security dashboards, anti-virus, firewall, security logs, and network traffic) and ensures appropriate follow-up action is taken.Responsible for creating and implementing the enterprise-wide information security training program, with the guidance of the Information Security Steering and Technology Committees.Evaluates effectiveness of information security, privacy and incident response planning programs and procedures of third parties with whom the company engages as software, hardware and/or service providers. Reviews and summarizes critical vendor SSAE-18 reports and vendor prepared summary of SSAE-18 Reports.Performs risk assessments in information security, cybersecurity, privacy, and incident response planning in accordance with schedules as prescribed by regulators and/or industry best practices to ensure information security risks are accurately identified, measured, monitored, mitigated and reported.Engages with management in the lines of business to understand new initiatives, identify the inherent information security risk of these activities, as well as collaborate on controls to reduce the residual risk within the Bank's risk appetite. Understand and document the flows of information and the risks to that information.Oversees user access/provisioning for various systems used by the company.Serves as the Information Security representative on management committees to enhance the organization's security posture and develop solutions to maintain compliance with regulatory requirements.Monitor metrics/reports/dashboards to measure information security risks and present results to the Technology Committee.Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats. Monitor emerging risks and recommend mitigations.Keep abreast of federal and state legislative, regulatory and judicial changes, as well as industry trends related to information security, including but not limited to GLBA, FFIEC, NIST, and CIS guidance.Works with auditors and examiners with items related to information security risk management. Monitor the status of corrective actions on findings noted.Promotes the Bank's products and services and maintains an active participation in community affairs.Responsible for adhering to bank policies and procedures related to regulatory compliance requirements applicable to the job function.Performs related and unrelated duties as needed.POSITION REQUIREMENTS:Bachelor's degree in Computer Science, Management Information Systems or a related field. CISSP, RISC, CISM, or similar level information security management certification. Minimum of 3 years of professional experience designing and maintaining information security policies and procedures. Minimum of 3 years leading IT security projects and teams to develop security and compliance solutions.Demonstrated experience with various information security frameworks and guidance. Demonstrated understanding of technical security controls, including secure network architecture, systems security, encryption systems, and database security. Ability to research regulatory guidance, and independently and proactively research and interpret such guidance and other relevant industry standards. Ability to develop, document and implement appropriate policies and procedures based upon such research and interpretation.Ability to work in a collaborative environment with all levels of bank management, regulatory examiners and external auditors is essential. Effective communication and organizational skills.SUPERVISORY SCOPE:
Limited supervisory responsibilityINDEPENDENT ACTION:
Establishes own work plan and performs work independently within scope of established guidelines and practices. May refer specific problems to the Chief Risk and Compliance Officer, when necessary.COMPLIANCE:
Responsible for adhering to bank policies and procedures relating to regulatory compliance requirements applicable to the job function including but not limited to Bank Secrecy Act, Anti-Money Laundering and Fair Lending.Why Choose Chelsea?The Bank has been named a Top Workplace in Connecticut since 2016. And with good reason! Our team members are encouraged and empowered to be better, go further, and help others. And there are lots of other perks too - competitive salary, 401(k) plan, paid time off, health benefits, wellness and engagement programs, leadership training, professional development, and learning opportunities for all team members, and more! Several members of the Bank's team have been recognized in our industry and throughout the community by earning awards such as the Connecticut Bankers Association
New Leaders in Banking , ICBA
Forty Under 40 , The Day
Forty Under 40 , Banking New England
Women of FIRE , and more.At Chelsea Groton, we don't just meet the expectations of our community; we exceed them in the ways we, as a mutual bank, do business, and how we support local organizations financially and through volunteerism. We are focused on bringing together the best in digital, remote, and in-person capabilities. Our approach is designed around the lives of our customers so they can manage finances when, where and how they want, and team members can provide support to our customers in more ways too.Apply today to join a company named Best Bank by The Day (2015 - present), Top Workplace by the Hartford Courant (2016 - present), and one of Forbes Best-In-State Banks (2021, 2022)!Responsible for adhering to Bank policies and procedures relating to regulatory compliance requirements applicable to the job function including but not limited to the Bank Secrecy Act, Anti-Money Laundering, and Fair Lending. EOE/AA/M/F/D/V. Member FDIC.
#J-18808-Ljbffr
is looking to hire a motivated and dynamic individual for our Risk and Compliance department. The
Information Security Officer (ISO)
is responsible for establishing and coordinating information security efforts bank wide, including managing information security monitoring, in conjunction with the Information Security Steering Committee. The Information Security Officer will work with other functions such as Technology, Compliance, Digital Banking, Enterprise Risk Management (ERM), Fraud, Operations, and Physical Security to identify, assess, mitigate, monitor, and report on information security risks. The Information Security Officer is responsible for the leadership and management of the Incident Response Team.PRIMARY ACCOUNTABILITIES/RESPONSIBILITIESWorking in conjunction with the Information Security Steering Committee, develops and maintains the company's information security program, ensuring compliance with all relevant regulations, industry standards, and best practices such as FFIEC, NIST, CIS, including strategies to monitor and address current and emerging risks. Provides internal guidance with respect to response to information security threats both internal and external. Implements the information security strategy and objectives, as approved by the Board of Trustees.Presents to the Board the annual Information Security Report, including the elements outlined in Appendix B of Part 364 Interagency Guidelines, as well as topics of information security interest.Responsible for the leadership and management of the Incident Response Team. Maintains and coordinates the Bank's Incident Response Plan and table-top exercises and supports the Bank's business continuity and disaster recovery exercises.Ensures the completion of daily reviews of various logs and reports relating to information security (e.g., COCC Security Operations Center (SOC) reports, security dashboards, anti-virus, firewall, security logs, and network traffic) and ensures appropriate follow-up action is taken.Responsible for creating and implementing the enterprise-wide information security training program, with the guidance of the Information Security Steering and Technology Committees.Evaluates effectiveness of information security, privacy and incident response planning programs and procedures of third parties with whom the company engages as software, hardware and/or service providers. Reviews and summarizes critical vendor SSAE-18 reports and vendor prepared summary of SSAE-18 Reports.Performs risk assessments in information security, cybersecurity, privacy, and incident response planning in accordance with schedules as prescribed by regulators and/or industry best practices to ensure information security risks are accurately identified, measured, monitored, mitigated and reported.Engages with management in the lines of business to understand new initiatives, identify the inherent information security risk of these activities, as well as collaborate on controls to reduce the residual risk within the Bank's risk appetite. Understand and document the flows of information and the risks to that information.Oversees user access/provisioning for various systems used by the company.Serves as the Information Security representative on management committees to enhance the organization's security posture and develop solutions to maintain compliance with regulatory requirements.Monitor metrics/reports/dashboards to measure information security risks and present results to the Technology Committee.Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats. Monitor emerging risks and recommend mitigations.Keep abreast of federal and state legislative, regulatory and judicial changes, as well as industry trends related to information security, including but not limited to GLBA, FFIEC, NIST, and CIS guidance.Works with auditors and examiners with items related to information security risk management. Monitor the status of corrective actions on findings noted.Promotes the Bank's products and services and maintains an active participation in community affairs.Responsible for adhering to bank policies and procedures related to regulatory compliance requirements applicable to the job function.Performs related and unrelated duties as needed.POSITION REQUIREMENTS:Bachelor's degree in Computer Science, Management Information Systems or a related field. CISSP, RISC, CISM, or similar level information security management certification. Minimum of 3 years of professional experience designing and maintaining information security policies and procedures. Minimum of 3 years leading IT security projects and teams to develop security and compliance solutions.Demonstrated experience with various information security frameworks and guidance. Demonstrated understanding of technical security controls, including secure network architecture, systems security, encryption systems, and database security. Ability to research regulatory guidance, and independently and proactively research and interpret such guidance and other relevant industry standards. Ability to develop, document and implement appropriate policies and procedures based upon such research and interpretation.Ability to work in a collaborative environment with all levels of bank management, regulatory examiners and external auditors is essential. Effective communication and organizational skills.SUPERVISORY SCOPE:
Limited supervisory responsibilityINDEPENDENT ACTION:
Establishes own work plan and performs work independently within scope of established guidelines and practices. May refer specific problems to the Chief Risk and Compliance Officer, when necessary.COMPLIANCE:
Responsible for adhering to bank policies and procedures relating to regulatory compliance requirements applicable to the job function including but not limited to Bank Secrecy Act, Anti-Money Laundering and Fair Lending.Why Choose Chelsea?The Bank has been named a Top Workplace in Connecticut since 2016. And with good reason! Our team members are encouraged and empowered to be better, go further, and help others. And there are lots of other perks too - competitive salary, 401(k) plan, paid time off, health benefits, wellness and engagement programs, leadership training, professional development, and learning opportunities for all team members, and more! Several members of the Bank's team have been recognized in our industry and throughout the community by earning awards such as the Connecticut Bankers Association
New Leaders in Banking , ICBA
Forty Under 40 , The Day
Forty Under 40 , Banking New England
Women of FIRE , and more.At Chelsea Groton, we don't just meet the expectations of our community; we exceed them in the ways we, as a mutual bank, do business, and how we support local organizations financially and through volunteerism. We are focused on bringing together the best in digital, remote, and in-person capabilities. Our approach is designed around the lives of our customers so they can manage finances when, where and how they want, and team members can provide support to our customers in more ways too.Apply today to join a company named Best Bank by The Day (2015 - present), Top Workplace by the Hartford Courant (2016 - present), and one of Forbes Best-In-State Banks (2021, 2022)!Responsible for adhering to Bank policies and procedures relating to regulatory compliance requirements applicable to the job function including but not limited to the Bank Secrecy Act, Anti-Money Laundering, and Fair Lending. EOE/AA/M/F/D/V. Member FDIC.
#J-18808-Ljbffr