"Alerted.org

Job Description

A community bank in Marion Ohio is seeking a Security Officer to join their organization for a full time, hybrid onsite role.

Summary: Ensure the security of data as defined by GLBA section 501 (b) and FFIEC IT Handbook along with the development and maintenance of Disaster Recovery and Business Resumption Plan. Ensure bank Physical Security requirements are fulfilled. Also, oversight of facilities physical security systems management and maintenance. This is not a hands on IT Security role, rather we are looking for someone who has experience assessing and determining risk levels for the bank.

Essential Duties and Responsibilities:

Develop and implement internal system controls so that system policies and procedures are enforcing system security.

Ensure that associates are knowledgeable of system software (including usage of the systems) and adhere to information technology policies for system security protection.

Maintains the Information Security Program as defined by GLBA 501(b) and the FFIEC IT Handbook; including Policies, Procedures, Risk Assessments, Manage and Control Risks, Servicer Provider oversight, Program Adjustments, Board Reporting, and Program implementation.

Coordinates information technology and security audits (reviewed by Third Party to ensure required compliance is met as defined by GLBA Section 501 (b) and FFIEC IT Handbook) including an annual risk assessment, and that any needed changes receive proper follow-up to ensure system security protection and that findings are reported to the Audit Committee and Board of Directors.

Coordinates Regulatory IT exams, and ensures changes needed receive proper follow-up to ensure systems security, protection, and compliance. Including reporting to Audit Committee and Board of Directors.

Ensure user systems permissions are appropriate for individual job functions by reviewing according to the systems risk assessment ratings. Also accountable for daily, weekly, and monthly log / report reviews are completed and results reported to the Board of Directors.

Maintain enhancement of technology systems to satisfy compliance requirements and bank computer efficiency needs to support the banks strategic business goals, including the development of the annual information technology strategic plan and budget to ensure proper business planning and financial control.

Ensures that the bank is protected from disasters that are caused by internal and external threats through the development and annual testing of disaster Recovery and Business Resumption Plan, and to report the status of the plan to management and the Board of Directors.

Oversee the bank wide physical security compliance, including alarm systems, the security program, branch security, camera functionality, cash drawer audits and reporting to the Board of Directors.

Oversight of Vendor Management Program; including annual vendor reviews as defined by the FFIEC IT Handbook and assisting the Project Manager with contract review for policy compliance.

Oversight of the bank Cybersecurity; including, protection, identification, assessments and controls.

Co-Leader of the Information Technology Steering Committee.

Member of the Risk Management Committee, Compliance Committee, Project Committee and Audit Committee.

Oversight of employee and board security training and policy acceptance.

Oversight of the bank IT Incident Response Program including the Incident Response policy, procedures, team, and playbook. As well as the Incident Response team leader.

Responsible for approval of invoices related to security (training site, enterprise risk site, etc)

Secondary Backup to oversight of Managed Service providers (MSP)

Supervisor to Facilities and Security Specialist

Participation in projects to ensure appropriate security level is maintained

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] . The EEOC "Know Your Rights" Poster is available here (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12ScreenRdr.pdf) .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Skills and Requirements

5+ years of experience with GLBA section 501 (b) and FFIEC IT Handbook

Experience using Jack Henry for data protection and disaster recovery

Experience using Sophos system to pull data to build reports for the audit committee

Experience using M365 for risk audit Experience building out training and running phishing campaigns

Experience with physical security system audits and reporting

Experience working with Financial Services Information Sharing and Analysis Center (FS-ISAC) null

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].