POSITION SUMMARY
The SVP Risk Management and Information Security Officer (ISO) ensures that appropriate systems are developed, implemented, and maintained to identify, measure, monitor and control risks, in accordance with applicable regulatory guidelines (e.g., FRB, FDIC and State). This position also ensures that appropriate risk management strategies are employed throughout the Bank to avoid, control, retain or transfer identified risk exposures by performing the primary responsibilities and accountabilities listed below either personally or through other employees. The SVP Risk Management and Information Security Officer is responsible for planning, directing, and coordinating the bank’s information security policies in partnership with the Chief Technology & Cybersecurity Officer and the bank’s leadership team.
PRIMARY RESPONSIBILITIES AND ACCOUNTABILITIES
Responsible for the completion of Enterprise Risk Assessment and Executive Summary in collaboration with the Chief Accounting Officer and CFO/COO.
Ensures that the risk of new products and services, or significant changes in existing products and services, is adequately evaluated before they are offered/implemented.
Oversees the Bank’s Vendor Management Program and is chairperson of the vendor management committee. Maintains appropriate records of contractual relationships between the Bank and third-party vendors. Ensures that:
1) contracts signed with vendors meet the Bank’s legal and contractual requirements;
2) due diligence reviews of vendors are completed as outlined in the Vendor Management Program document;
3) appropriate business unit managers evaluate the service levels/performance of the vendors used in their respective areas;
4) the NVendor program is used to organize all vendor information and due diligence requirements.
Responsible for documenting any vendor performance issues and relationship profitability.
Under the oversight of the CFO/COO is responsible for the completion of appropriate insurance applications and submission of policy recommendations to the board of directors for final approval. Serves as the liaison between the Bank and insurance companies on new policies, renewals, foreclosed property insurance and insurance claims.
Serves as the Information Security Officer and oversees the bank’s security officer and security program. Responsible for completion of the Annual Security Report.
Prepares an annual assessment of information security risk and ensures that the Bank has adopted appropriate policies and procedures to manage such risks. Coordinates the management of the information security function, including the granting of employee and third-party access to automated and non-automated information and systems of information. Notifies the Bank’s primary regulator of information security issues if warranted.
Oversees the Disaster Recovery/Business Continuity (DR/BC) Program including:
maintenance of the overall DR/BC manual
coordinating mock disaster testing no less than annually
updating the Business Impact Analysis (BIA) as business functions and associated recovery times change
updating the DR/BC risk assessment
Ensures the Bank’s record retention practices meet federal and state mandated guidelines. Works with the business lines to comply with said guidelines.
Participates as a member of the Risk and Information Security (RISC) Committee and assists with the facilitation of monthly meetings.
Oversees the information security training program including:
1) recommending course assignments;
2) assigning the courses;
3) tracking and reporting of KnowBe4 results.
Oversees the RISC annual review of user access privileges and responsible for tracking the completion of contingency testing, vulnerability testing, etc.
Interacts with external auditors and regulators and provides information as required for audits and exams.
ROLE QUALIFICATIONS
Education
Bachelor’s degree in Management, Finance, or Accounting from four-year college or university or equivalent combination of education and experience
Experience
The ideal candidate will have:
8 plus years of related experience
Prior experience with a regulatory agency such as the FDIC or IDOB, or in bank internal auditing or information security fields is preferred.
Other Skills and Abilities
Strong math skills; add, subtract, multiply and divide in all units of measure
Knowledge of Microsoft Word processing software; Microsoft Excel spreadsheet software; Accounting software; Internet software and Database software
Demonstrate a “lead by example” mentality
Be able to work flexible hours and shifts
Travel to/from and work in multiple locations
Must have a valid driver’s license and reliable transportation
Supervisory Responsibilities
This position is responsible for supervising staff in accordance with the bank’s policies and applicable laws. Responsibilities could include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and taking corrective action with employees; addressing complaints and resolving problems.
Competencies
To perform the job successfully, an individual should demonstrate the following competencies:
Analytical - collects and researches data; uses intuition and experience to complement data; designs workflows and procedures.
Problem Solving - identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; ability to deal with complex problems involving multiple facets and variables in non-standardized situations.
Project Management - coordinates projects; communicates changes and progress; completes projects on time and budget.
Technical Skills - assesses own strengths and weaknesses; pursues training and development opportunities; strives to continuously build knowledge and skills; shares expertise with others.
Oral Communication - speaks clearly and persuasively in positive or negative situations; listens and gets clarification; responds well to questions; demonstrates group presentation skills; participates in meetings.
Teamwork - balances team and individual responsibilities; exhibits objectivity and openness to others' views; gives and welcomes feedback; contributes to building a positive team spirit.
Delegation - delegates work assignments; matches the responsibility to the person; gives authority to work independently; sets expectations and monitors delegated activities.
Leadership - exhibits confidence in self and others; inspires and motivates others to perform well.
Written Communication - writes clearly and informatively; edits work for spelling and grammar; varies writing style to meet needs; presents numerical data effectively; able to read and interpret written information.
Ethics - inspires the trust of others; works with integrity and ethically; upholds organizational values.
Organizational Support - follows policies and procedures.
Adaptability - adapts to changes in the work environment; changes approach or method to best fit the situation.
Attendance/Punctuality - is consistently at work and on time; ensures work responsibilities are covered when absent; arrives at meetings and appointments on time.
Dependability - follows instructions, responds to management direction; takes responsibility for own actions; keeps commitments; completes tasks on time or notifies appropriate person with an alternate plan.
Judgment - exhibits sound and accurate judgment; supports and explains reasoning for decisions; includes appropriate people in decision-making process.
Planning/Organizing - prioritizes and plans work activities; uses time efficiently; sets goals and objectives.
Professionalism - approaches others in a tactful manner; reacts well under pressure; treats others with respect and consideration regardless of their status or position; follows through on commitments.
Quality - demonstrates accuracy and thoroughness; looks for ways to improve and promote quality; applies feedback to improve performance; monitors own work to ensure quality.
Initiative - is a self-starter; seeks out new tasks and expands abilities; works for the better needs of the business, not just his/her own position.
Growth and Customer Focus - provides excellent customer service to everyone; supports business and revenue growth; focuses on opportunities to suggest new services to customers.
WORKING CONDITIONS
Work is performed largely within the Bank with limited chance for personal injury.
The following physical and mental requirements must be met to perform the essential functions of this position: Frequently communicate with employees and other parties by phone, email and/or in person; can exchange accurate information in these situations. Constantly operates a computer and other office equipment such as a calculator, copy machine, and printer. Frequently move inside the office to access files or office equipment. Occasionally lift and/or move up to 50 pounds of office supplies and equipment. Some bending, turning, and twisting required. Periodic stressful situations in response to multiple priorities within established deadlines. Work hours are generally during normal business hours. Unscheduled evening and weekend work may be needed to meet the needs of customers and employees. Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and ability to adjust focus. Occasionally drive to/from and work in multiple branches/locations.
GENERAL NOTICE
This position description describes the general nature and level of work performed by the employee assigned to this position and should not be interpreted as all inclusive. It does not state or imply that these are the only duties and responsibilities assigned to the position. The employee may be required to perform other job-related duties. All requirements are subject to change and to possible modification to reasonably accommodate individuals with a disability.
This position description does not constitute an employment agreement between the Bank and employee and is subject to change by the employer as the needs of the Bank and requirements of the position change. Equal opportunity employer. This company considers candidates regardless of race, color, religion, sex, sexual orientation, age, gender identity, national origin, disability or veteran status.