GENERAL FUNCTION:

The IS Manager role is responsible for establishing and maintaining the bank’s security program through policy, strategy, architecture, operations management, and training processes working closely with Virtual CISO. The role interface with peers in the IT department and with the leaders of the business units to share the corporate security vision with those individuals and solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.

Responsibilities

Strategy & Planning

• Create and maintain the information security architecture design and roadmap.
• Create, and maintain the information security awareness training program.
• Create and maintain the information security documents (policies, standards, baselines, guidelines, and procedures).
• Perform info-security risk assessments.

Acquisition & Deployment

• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Select and acquire additional information security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Oversee the deployment, integration, and initial configuration of all new information security solutions and any enhancements to existing solutions according to standard best operating procedures and policies.
• Perform assessments of third-party (3rd) vendors’ SSAE/SOC reports, ensuring controls’ adequacy.
• Evaluate and recommend new information security technologies and countermeasures against threats.
• Coordinate users, Bank IT resources, and service provider staff to implement solutions that will meet or exceed customer, management, and regulator expectations.
• Manage and own project delivery within budget, scope, quality, and time requirements.

Operational Management

• Responsible for information security operations to ensure threats, vulnerabilities, events, and controls are being effectively managed.
• Maintain an Incident Response Team (IRT) and response process for the Bank.
• Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems, databases, and other data repositories.
• Perform regular information security awareness training for all employees to ensure consistently high compliance with enterprise security documents.
• Engage in ongoing communications with IT peers and the various business groups to ensure enterprise-wide understanding of security goals, solicit feedback, and foster cooperation.
• Provide subject matter expertise for network security topics related to network, server, and client technology architectures such as instruction detection and prevention, antivirus and APT, data loss prevention, firewall, Internet proxy, VPN, etc.
• Develop documentation to support ongoing security systems operations, maintenance, and specific problem resolution.
• Reviews and respond to InfoSec incidents and problems to collect metrics, recommend, and support the implementation of solutions, suggest process improvements, and conduct root cause analysis.

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:

• Expert knowledge of Active Directory/LDAP Directory Services and Windows 2008, 2008 R2, 2012, SQL Server, and cloud
• Expert knowledge of Authentication Protocols, MFA
• Expert knowledge of DNS, DHCP, SMTP, SNMP, TCP/IP, UDP
• Familiar with common security tools, vulnerability management, firewalls/routers/IPS/IDS
• Experience with creating technical documentation
• Proficient in Microsoft applications (Excel, Word, Project)
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans, or behaviors
• An understanding of organizational mission, values, goals, and consistent application of this knowledge

Personal Characteristics

• Can interface with and gain the respect of stakeholders at all levels and roles in the company
• Is a confident, energetic self-starter with strong interpersonal skills
• Is comfortable with working shifts and a changing schedule
• Has good judgment and a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity
• Self-motivated and possessing a high sense of urgency and personal integrity

• Bachelor’s degree in Computer Science, Information Technology specialty, or related field
• Minimum 5 years of information security management experience
• Banking experience preferable
• CISM or CISSP certification is preferable