SUMMARY

The Head of Information Security is responsible for planning, implementing and maintaining the information security program, including cybersecurity. The information security program is designed to ensure the confidentiality, integrity, and availability of the information in compliance with industry/banking regulations. This position will work closely with the Information Technology staff as well as stakeholders in other business units to manage information and cyber security risk, including risk identification and mitigation. The Information Security program involves several team members, who are responsible for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and training programs, project and product development consultation, incident response program management, and proactive compliance with industry regulations related to information security.

Ensures compliance with established Company policies and procedures. Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following: Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Home Mortgage Disclosure Act, Real Estate Settlement Procedures Act, Fair Credit Reporting Act, Bank Secrecy Act in conjunction with the USA PATRIOT Act, Anti-Money Laundering and Customer Information Program, Right to Financial Privacy Act (state and federal) and Community Reinvestment Act.

REQUIRED DUTIES

1. Partner and influence stakeholders across the organization to achieve the goals outlined in the Information Security Program. Demonstrated strong leadership and management skills and the ability to secure results through others.

2. Develops and implements policies and procedures to ensure compliance with established regulatory guidelines to safe guard the bank’s information environment.

3. Develops and delivers information security, privacy and data loss prevention programs to include information in electronic, print and other formats.

4. Facilitates enterprise-wide training on pertinent security issues are appropriate and adequate.

5. Ensures the Information Security Program is appropriately designed to ensure a holistic enterprise-wide perspective with reducing the overall information security risk.

6. Ensures that information created, acquired or maintained is used in accordance with its intended purpose to protect its infrastructure from external or internal threats and to ensure the organization complies with statutory and regulatory requirements regarding information access, security and privacy.

7. Implements an ongoing risk assessment program targeting information security, cybersecurity, and privacy matters; recommends methods for vulnerability detection and remediation and performs and/or oversees vulnerability testing.

8. Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the organization. Conducts continual research to maintain knowledge of technology, customer needs and overall requirements; stays current with advancements in technology relative to data administration, security, related services, and FFIEC Guidelines; makes recommendations to evolve information security practices and procedures to accommodate such changes.

9. Maintains advanced knowledge and awareness of financial industry technical status and trends.

10. Informs the board, management, and staff of information security and cybersecurity risks. Participates in information sharing sites (e.g., Financial Services Information Sharing and Analysis Center) on cyber threats and vulnerabilities that may affect Hanmi Bank.

11. Develops and manages information security resources or budget to maintain an effective information security program.

12. Provides a quarterly state of the Information Security Program report to the Risk Committee.

13. Monitors, maintains and adjusts the Information Security Program in light of audit findings and recommendations, changes in the internal and external landscape, relevant changes in technology, and changes in business strategy.

14. Monitors staff in daily tasks, operations and quality control.

15. Consistently applies logical decision making techniques pertaining to inquiries, approvals and requests as they apply to existing policies and procedures, keeping within assigned approval limits and using these instances as learning tools for employee development.

16. Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.

17. Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.

18. Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.

19. Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.

20. Performs duties specific to the position and other functions as assigned.

MINIMUM REQUIREMENTS

These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skill and/or ability required to perform the position in a satisfactory manner. Individual abilities may result in some deviation from these guidelines.

• Bachelor’s degree from an accredited university preferred and ten 10 years of related experience and/or training. Work related experience must consist of information security operations or management experience in the financial services industry, and at least five (5) years of experience in a managerial capacity.
• Certified Information Security Professional (CISSP) or similar industry certification or equivalent experience.
• In depth experience of Information Security practices and implementation in Banking or financially related industry.
• Demonstrated exceptional written and verbal communication skills.
• Understanding of current technology and regulatory trends affecting financial institution information security programs.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels.
• Demonstrated ability to analyze security and technology control effectiveness.
• Knowledge of trends in multiple technological and banking areas.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Leadership skills including the ability to build high performing teams and lead change.
• Basic skills in computer terminal and personal computer operation; mainframe computer system; word processing and spreadsheet software programs.
• Basic typing skills to meet production needs of the position.
• Advanced math skills; ability to calculate interest, commissions, proportions, and percentages; balance accounts; add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals; locate routine mathematical errors; compute rate, ratio and percent, including the drafting and interpretation of bar graphs.
• Exceptional verbal, written and interpersonal communication skills, with the ability to apply common sense to carry out instructions and instruct others, train personnel, write reports, correspondence and procedures, and speak clearly to customers and employees.
• Thorough understanding of management procedures; ability to plan department or Company activities (setting objectives, developing strategies, budgeting, and developing policies and procedures); initiative to organize various functions necessary to accomplish department or Company activities; effectively staff (selecting, training and developing employees); directing employees towards the desired objectives (delegating, motivating, resolving problems); controlling the function (developing performance standards, measuring results, taking corrective action and rewarding employees as appropriate).
• Ability to deal with complex problems involving multiple facets and variables in non-standardized situations.
• Ability to work with no supervision while performing duties.
• Current driver’s license and a vehicle with appropriate insurance coverage if required to drive in the course of performing assigned duties and responsibilities.

Pay $150,000 - $205,000 per year. The salary reflects the full salary range for this position. Individual placement within the range is based on the candidate’s current experience, education, skills, and abilities related to the position. Successful candidates typically begin up from the beginning to mid-point of the salary range. Successful candidates may be eligible for [bonus/stock/commissions/incentives] at the Company’s sole discretion. We offer a comprehensive benefits package which includes paid sick and vacation leave; paid holidays; medical, dental, vision, life and disability insurance package for employees and dependents; various other voluntary benefit offerings, and optional retirement accounts.

We are an Equal Opportunity Employer. All applicants will receive consideration for employment without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, gender expression, genetic information, or military or Veteran status, or any other characteristic protected by law.