IT Security & Risk Manager II
Dickinson Financial Corporation (Kansas City, MO)
Summary
The IT Security and Risk Manager works in the Information Technology Department and is primarily responsible for working with IT, business units, users, and vendors to ensure the confidentiality, integrity, and availability of data, systems, information, and associated assets according to the GLBA, the FFIEC Handbook, and industry-accepted information security and data standards.
Responsibilities
+ Perform risk assessments and impact analyses to identify vulnerable areas within the company’s security program. The risk assessment process includes identifying threats and risks, identifying technical, logical, and operational controls that are in place to mitigate the threats, and analyzing and reporting the observations found during the risk assessment process.
+ Manage the vulnerability assessment software including defining asset groups, determining software parameters, and assigning scan profiles. Will also oversee the handling of vulnerability issues including the evaluation of vulnerability exceptions. Will keep management apprised of vulnerabilities and risks.
+ Will monitor the handling of firewall/IDS/IPS/malware incidents to ensure issues are investigated and solved appropriately. Could include investigating incidents directly. Will keep management apprised of results.
+ Will develop incident procedures and oversee the investigation and reporting of security incidents including phishing, smishing, virus, DoS, and privacy breaches. Will keep management apprised of incidents.
+ Will be responsible for executing the Company’s incident response plan.
+ Will identify information security monitoring standards and define the correlating rules required from the Security Information and Event Management (SIEM) solution. Responsibility could also include the writing and managing of the SIEM solution.
+ Coordinate all security reviews and tests including, but not limited to, firewall rule review, social engineering tests, penetration tests, and vulnerability assessments.
+ Coordinate the Company’s disaster recovery and business continuity program. This includes maintaining the plans, coordinating the BIA, facilitating recovery testing, assessing vendors’ resiliency, and preparing corporate awareness.
+ Manage the enterprise vendor management program. This includes coordinating vendor due diligence and vendor oversight, performing vendor security reviews, and managing vendor contracts.
+ Will assist in defining security controls and security baselines for systems being implemented.
+ Inform and train staff members, both inside and outside the IT department, on their responsibilities concerning IT security as it relates to Company systems.
+ Assess need for security reconfigurations (minor or significant) and either execute them or coordinate the execution of them.
+ Assist in internal audit or external audits as necessary. This may include responding to audit requests, preparing audit documentation, or acting as liaison between IT and the audit entity.
+ Participate in the IT budget and expense management process. This may include preparing cost analyses for IT purchases, investigating IT expenses, identifying possible cost-saving opportunities, and assisting in all or part of the IT budgeting process.
+ Develop security procedures as necessary.
+ Remain informed on trends and issues in the security industry, including current and emerging technologies. Keep team managers apprised of findings.
+ Be highly knowledgeable of the Organization’s overall security policies, and recommend changes and enhancements.
+ Keep current with emerging security standards, alerts, and issues (FFIEC Security Handbook, ISO, etc.).
+ Protect all client and bank information confidentially and follow all company policies.
+ Understand, communicate, and instill the Company’s mission, vision, and values (Pillars of Success).
+ Complete monthly training in a timely manner to ensure knowledge of bank regulatory requirements, policies, and procedures.
+ Working at the worksite during regular business hours and/or assigned hours.
+ Other specified duties as assigned.
Benefits
Full‐time associates are eligible for our benefits package:
+ Medical
+ Dental
+ Vision
+ 401(k) plan
+ Company paid life insurance
+ Short and Long-term disability insurance
+ Company paid vacation, paid leave and holidays
This position will remain open until a qualified applicant is hired.
Skills
+ Must have ability to work independently and be able to manage multiple projects simultaneously.
+ Excellent analytical, mathematical, and creative problem-solving skills.
+ Excellent written and oral communication skills; able to communicate in terms suited to both technical and business associates.
+ Possess leadership skills and be self-motivated.
+ Must be able to interact with DFC personnel at all levels and across all business units in a professional manner.
+ Must be able to interact with third party DFC relationships in a professional manner to build long-term relationships.
Education & Experience
+ Education **–** Minimum of 4 years of experience related specifically to IT Security. A B.S. degree in a Computer-related field is also preferred.
+ Certifications **–** Requires any of the following entry-level security certifications: Security+, Network+, and/or GIAC Security Essentials.
+ CCNA, MCSE, CEH, CISSP, or CISA is preferred.
+ CBCP (Certified Business Continuity Professional), CTPRP (Certified Third-party Risk Professional) or CRVPM (Certified Regulatory Vendor Program Manager) would be beneficial.
+ Training **–** Continuing professional education will be provided to maintain a certification in good standing.
+ Specialized training will be provided as needed. Training will be dependent on infrastructure and business strategies.
Physical Requirements
The work environment is typical of a standard office or retail banking setting. The position is sedentary, involving sitting most of the workday; however, the position will involve moving about the workspace to reach entrances/exits, restrooms, conference rooms, or other areas within the work environment. Reaching may be required involving the ability to move arms in any direction. Office equipment, such as a computer and telephone, will be used requiring the ability to manipulate a keyboard, mouse, and/or keypad. The ability to decipher a computer screen or written documents is necessary. The ability to express or exchange ideas; impart information to clients, coworkers, or the public; or to convey detailed or important instructions; is required. The ability to receive and understand detailed information shared through oral or written communication is required. Position requires lifting and/or the exerting of up to 10 pounds of force.
Equal Opportunity Employer/Disabled/Veterans
Academy Bank and Armed Forces Bank provide equal employment opportunities to applicants and employees without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Academy Bank and Armed Forces Bank provide affirmative action data on protected veteran status or disability. If you need an accommodation for any part of the employment process, please email [email protected]