RESOURCE BANK
Information Security Auditor
Position Summary: This position reports to the Internal Audit Manager and is responsible for reviewing and auditing the effectiveness and compliance of the Bank's information security measures to include: assessing and evaluating security controls, identifying vulnerabilities, and recommending improvements to protect sensitive data and mitigate risks. This position will also conduct audits and assessments, and assist with identifying and addressing security gaps, maintaining regulatory compliance, and safeguarding against cyber threats.
The Information Security Auditor/Officer is independent of the IT function, and will have no IT production responsibilities. The ISO/Auditor must have sufficient operational and technical knowledge, background and training to enable them to perform their assigned tasks.
Essential Functions:
Reviewing and evaluating the Bank's information security policies and procedures for adequacy and effectiveness of the policies with industry best practices and regulatory requirements.
Planning and evaluating audit activities, including defining scope, developing audit plans, conducting interviews and assessments, collecting evidence to support findings and conducting continuous monitoring over the information security program.
Documenting and communicating audit findings, observations, and recommendations to management and committees.
Monitoring risks and tracking mitigation, and reporting significant security events to the board, committees and executive management, as appropriate.
Informing the Board, committee(s), and executive management of cybersecurity risks and role of bank personnel in protecting information.
Collaborate with IT teams, management, Board, and Committee members to provide guidance on security best practices, risk mitigation strategies, and compliance requirements. Auditor/Officer may recommend working collaboratively with teams to implement corrective actions and enhance the Bank's security posture.
Engaging with management to understand new initiatives, providing information on the inherent security risks and outlining ways to mitigate the risks.
Staying up to date with emerging security threats, technologies, and industry best practices.
Working with management to understand information flow, risks associated with information flow, and best ways to protect information.
Participates in relevant training in an effort to monitor, share, and discuss threats.
Attends conferences and participates in training programs.
Assist the Internal Audit Manager with execution of other audit fieldwork, written reports of internal audit reviews given to the Board of Directors, including findings, analyses, conclusions and recommended actions.
Assist with the execution and completion of all special projects assigned; and,
All other duties assigned.
Skills and Abilities:
Time Management - Managing one's own time.
Critical Thinking - Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
Active Listening - Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
Speaking - Talking to others to convey information effectively.
Writing - Communicating effectively in writing as appropriate for the needs of the audience.
Mathematics - Using mathematics to solve problems.
Competencies:
- Problem Sensitivity - The ability to tell when something is wrong or is likely to go wrong. It does not involve solving the problem, only recognizing there is a problem.
- Oral Comprehension - The ability to listen to and understand information and ideas presented through spoken words and sentences.
- Written Comprehension - The ability to read and understand information and ideas presented in writing.
- Oral Expression - The ability to communicate information and ideas in speaking so others will understand.
- Deductive Reasoning - The ability to apply general rules to specific problems to produce answers that make sense.
- Inductive Reasoning - The ability to combine pieces of information to form general rules or conclusions (includes finding a relationship among seemingly unrelated events).
- Knowledge - The ability to be proficient in the application of internal auditing theory, standards, procedures and techniques.
Working Conditions: The work for this position is conducted in an office environment and the requirement for travel is limited. Travel will be required to drive to each bank facility as needed for audits. This position may require some extended hours as workload and deadlines dictate.
Education and Experience: Candidate must have one of the following IT Certifications - CISSP, CISM, CRISC, or CISA or in the process of obtaining one of these certifications. Must have a minimum of five years information security/technology/audit experience.
Resource Bank strives to be the employer of choice - EEO Minority Female Vets Disabled