"Alerted.org

Deputy Chief Information Security Officer (Deputy CISO)

Canandaigua National Bank

What does a Deputy Chief Information Security Officer (Deputy CISO) do?

The Deputy Chief Information Security Officer (Deputy CISO) is responsible for assisting the Chief Information Security Officer (CISO) by managing daily program operations, developing and implementing the department strategy, overseeing monitoring of program controls, and ensuring regulatory compliance. This role is also responsible for managing Information Security teams and risk management programs. The role requires strong communication, leadership, and project management skills to align department initiatives with business goals and navigate complex threat landscapes.

Performs various duties relating to the Information Security Department Programs of which the following are illustrative:

+ Provide operational oversight of Information Security team.

+ Assist the CISO with Department Program assessments and long-term roadmap.

+ Assist the CISO with the development and implementation of Program strategies.

+ Develop metrics and measurements to assess Program progress and effectiveness.

+ Monitor the emergence of new threats and vulnerabilities, assess risks and impacts and recommend mitigation strategies.

+ Assist the CISO with managing security incident investigations.

+ Develop and maintain Information Security governance documentation.

+ Oversee the development and maintenance of Information Security educational initiatives.

+ Oversee the development of monitoring processes related to Information Security controls.

+ Assist with risk management, including conducting risk assessments, vulnerability management, and similar activities.

+ Lead or participate on projects as appropriate, assisting in the development of new or modified products or services, to ensure adequate Program controls are in place prior to implementation and Department deliverables are completed/provided as required.

+ Assist the CISO with ensuring regulatory compliance. Assist with the remediation of internal/external audit, examination, and penetration test findings related to the Programs.

+ Recommend and assist with Program remediation and improvements to infrastructure, controls, policies and procedures.

+ Stay current with IT-related regulatory guidance and alerts and industry alerts including FS-ISAC information. Maintain a current understanding of the IT threat landscape for the industry.

+ Maintain confidentiality of all investigations, reports and other sensitive information associated with position.

What is needed to be successful in this role?

+ A Bachelor's degree in Information Security, Computer Science, or a related field required.

+ Certified Information Systems Security Professional (CISSP) certification required.

+ Additional professional security management certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or other equivalent certification preferred.

+ Minimum 8 years’ experience in an Information Security Management capacity with experience in all security domains and with experience in team management required.

+ Strong writing and grammar, including technical writing, presentation development, and report development for all audience levels.

+ Ability to present to a range of internal, external and customer audiences, including technical and non-technical decision makers, Executive Leadership, and Directors.

+ Ability to read, analyze and interpret industry standards, government regulations, professional journals, etc.

+ Strong leadership in developing and leading initiatives with the ability to supervise others.

+ Excellent planning and organizational skills.

+ Excellent analytical and problem-solving skills.

+ Proven experience with risk assessments with excellent understanding of application development and technical infrastructure security.

+ Ability to respond to common inquiries or complaints from employees, customers, regulatory agencies.

+ Ability to travel to various locations as necessary.

What makes working at Canandaigua National Bank different?

Our Core Values guide how we serve, lead, and grow alongside our community. By working wholeheartedly, feeling empowered, acting with courage, being authentic, and serving with a noble spirit, WE CAN fortify healthy lives by doing what's right for our customers and the community.

Our culture nurtures passionate employees and offers great rewards including:

+ Medical, dental, vision, FSA, HSA options for both part-time and full-time employees. Medical coverage is also offered for domestic partners.

+ Paid holidays, vacation, and sick time.

+ Retirement benefits that include a 401(k), Profit Sharing, and Employee Stock Ownership Plan (ESOP).

+ Training & development opportunities.

+ Tuition assistance.

+ Community focused volunteer opportunities.

+ Award winning wellness program that promotes a solid work/life balance.

+ Banking perks and discount programs.

Our goal is to ensure that our bank, employees, and our community thrive and grow, now and for the next 135 years. We're in it for the long haul. What truly sets us apart from other financial institutions is the quality and commitment of our employees. We've assembled a diverse team of people who share a primary focus: to provide exceptional service for our customers.

As an organization, we are committed to hiring, training, developing, promoting, and celebrating employees from historically disadvantaged groups. At Canandaigua National Bank, we welcome the unique contributions that you can bring in terms of ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, religion, disability, sexual orientation, education, and culture.

Canandaigua National Bank remains an independent, community bank. If you want to be a part of something special, join us today!

Compensation range - $144,500 - $181,000

The actual salary offered within the range is dependent on a variety of factors including, but not limited to, relevant experience, qualifications, skills, level offered, and performance expectations.

Canandaigua National Corporation and its subsidiaries encourage diversity in the workplace; we are an Equal Opportunity Employer. Minority/Female/Sexual Orientation/Gender Identity/Disability/Veteran.