First Guaranty Bank – Hammond, LA
This is a senior-level position in the Information Security Department. The incumbent establishes and maintains the enterprise vision, strategy, and program to ensure that information assets and technologies are adequately protected.
The Information Security Officer (ISO) is responsible for overseeing and reporting on the management and mitigation of information security risks across the institution. He/she is responsible for implementing an information security program that satisfies the Interagency Guidelines Establishing Information Security Standards (Information Security Standards), which were issued pursuant to the Gramm-Leach-Bliley Act (GLBA). The ISO is an enterprise-wide risk manager, not a production resource devoted to IT operations, networking, or programming functions. The ISO reports to the Vice President of Audit and ERM, but also provides periodic reporting to the bank’s IT Steering Committee and works closely with the Chief Information Officer.
The Information Security Officer (“ISO”) is accountable for planning, implementing, coordinating, and maintaining FGB’s overall information security and cybersecurity programs. The ISO is the “champion” of information security for FGB and works closely with management. The ISO weighs business needs against security concerns, finds the right solution to support the business, and articulates any issues to management.
Essential Duties and Responsibilities
Governance, Strategy, and Oversight
Implement the information security strategy and objectives, as approved by the board of directors, including strategies to monitor and address current and emerging risks.
Oversee the development of corporate security policies, standards, and procedures, keep them accurate, and monitor compliance with them.
Work with senior management and the board of directors to ensure information security policies are implemented, reviewed, updated, maintained, and governed effectively.
Report significant security events to the board, IT steering committee, government agencies, and law enforcement, as appropriate.
Provide periodic reports to the Board of Directors on the status of information security, including the items required by FFIEC guidance.
Develop quarterly metrics for the Information Technology Steering Committee and Board of Directors.
In the event of a breach, lead incident response efforts to contain and investigate the incident and to prevent future security breaches.
Develop timely responses and action plans to address findings from internal and external audits.
Provide updates to senior management and the board on cyber risk trends.
Assist in collecting documentation from IT and business departments in preparation for annual safety and soundness examinations and external audits.
Risk Identification & Monitoring
Perform comprehensive IT risk identification, including identification of cybersecurity risks and the details gathered during the information security risk assessments required under the guidelines implementing the GLBA.
Identify cybersecurity risks to the bank and evaluate its cybersecurity preparedness; maintain and update a repository of cybersecurity threat and vulnerability information for use in conducting risk assessments; and provide updates to senior management and the board on cyber risk trends.
Review existing systems and develop and maintain comprehensive written information security risk assessments, updated quarterly.
Monitor for emerging risks and implement mitigations.
Review monthly vulnerability scans of the Internet-facing perimeter and the local area network, interpret the results, validate potential exposures, and provide a periodic written assessment.
Analyze logs from multiple systems to identify unexpected or malicious activity.
Monitor security audit and intrusion detection system logs for system and network anomalies.
Track the status of known information security exposures and work with Information Technology (IT) and business departments to drive remediation of those exposures.
Education & Awareness
Inform the board and management of information security and cybersecurity risks and the role of staff in protecting information.
Lead information security awareness and training initiatives to educate the workforce about information security risks.
Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats.
Provide input and guidance on the planning, research, and design of IT security architecture and data classification.
Partner with IT management to develop and maintain security requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.
Work with management in the lines of business to understand information flows, the risks to that information, and the best ways to protect it.
Engage with management in the lines of business to understand new initiatives, providing information on inherent information security risk and ensuring appropriate consideration of the risks involved with new products, emerging technologies, and information systems.
Provide guidance on security protocols, data encryption standards, firewall configuration, daily maintenance of security tools, updating of antivirus/anti-malware monitoring tools, detection of and response to security alerts, and other information security measures.
Ensure patch management is completed accurately and on time.
Ensure that the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed.
Assist with all audit and examination initiatives and, in conjunction with Internal Audit and Risk Management, track IT’s completion of remediation activities arising from independent vulnerability testing, risk analyses, security assessments, and examination findings and required controls.
Certify deployments as compliant with procedure and policy.
Adhere to the BSA policy and all other Bank policies.
Perform other duties and responsibilities as assigned by the supervisor.
The incumbent is required to maintain the integrity of bank customer information and to protect Information Technology assets.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the functions.
While performing the duties of this position, the employee is regularly required to talk and hear. The employee is frequently required to use hands or fingers to handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl.
The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision, and the ability to adjust focus.
The noise level in the work environment is usually moderate.
Requires experience working with IP networking and networking protocols, and an understanding of security-related technologies including encryption, VPNs, firewalls, proxy services, DNS, electronic mail, and access lists.