Job Details
Level: Experienced
Job Location: Corporate Office - Oklahoma City, OK
Position Type: Full Time
Education Level: 4 Year Degree
Description
The Chief Information Security Officer is responsible for overseeing and reporting on the management and mitigation of information security risks across the Bank and is accountable for the results of this oversight and reporting, and for implementing the Bank’s Information Security Program and related information security strategy and objectives, as approved by the Board of Directors.
PRIMARY DUTIES/RESPONSIBILITIES:
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
- Oversees and reports on the management and mitigation of information security risks across the Bank, reports directly to the Board of Directors and Executive Management, accountable for the results of this oversight and reporting, and has the appropriate authority to carry out the responsibilities of the position and avoid conflicts of interest that could interfere with the ability of the position to make decisions in line with the risk appetite assigned by the Board of Directors.
- Implements the Bank’s Information Security Program and related information security strategy and objectives, as approved by the Board of Directors, that satisfies the Interagency Guidelines Establishing Information Security Standards (Information Security Standards), which were issued pursuant to the Gramm-Leach-Bliley Act (GLBA) that impose certain notice requirements and restrictions on the Bank’s ability to disclose nonpublic personal information about consumers to affiliates and nonaffiliated third parties, and safeguarding customer information.
- Reviews and approves system and software access for all colleagues.
- Reviews and writes privacy and GLBA related policies and procedures, makes recommendations to the Director of Compliance and Executive Management when and where appropriate, and is required to submit annual reports to the Board of Directors detailing privacy and GLBA issues.
- Monitors and addresses current and emerging risks, and advises the Bank’s Director of Compliance, Director of Information Technology, Technology Committee, and Executive Management in developing and implementing information technology architecture safeguard strategies and controls to mitigate risks and accommodate current and future organizational needs.
- Conducts ongoing information security compliance monitoring activities, performs safeguarding customer information risk assessments for all areas of the Bank and works with personnel throughout the Bank on identifying acceptable levels of residual risk.
- Participates in major information technology projects of the Bank assuring that effective processes for information technology risk management, including those that relate to cybersecurity, are in place.
- Engages with management in lines of business to understand new initiatives, provides information on the inherent information security risk of these activities, and outlines ways to mitigate the risks.
- Champions security awareness and training programs of the Bank.
- Participates in industry collaborative efforts to monitor, share, and discuss emerging security threats; maintains advanced knowledge and awareness of financial industry technical status and trends.
- Participates as a member of the Incident Response Team in the event of a technology incident, assists in the establishment of procedures to address security incidents and partners with members of management to investigate and resolve potential security breaches.
- Serves on the Bank’s Technology Committee and Technology Steering Committee to assist in the definition of information security objectives, and to provide strategic and visionary planning, risk management, resource allocation, monitoring of the information security landscape, and evaluation of the status and success of projects.
- Reports significant security events to the Board of Directors, Technology Committee, Director of IT, Executive Management, government agencies and law enforcement, as appropriate, and works with the Bank Secrecy Act Officer and Bank Security Officer in completing and filing Suspicious Activity Reports (SARs) if warranted.
- Responsible for the enterprise-wide Business Continuity Planning (BDP), including the establishment and validation of policies and procedures to restore business critical services of the Bank in the event of a disaster or event. Ensures that each department or division has an up-to-date appropriate plan.
- Develops, implements, and monitors information security policies and controls to ensure data integrity, security, systems performance, and legal and regulatory compliance. Must ensure compliance with internal and external audit requirements. Must maintain advanced knowledge of cyber security issues, requirements, laws, and trends.
COMMITTEES
Management Team
Technology Committee
Technology Steering Committee
TCAB Committee
Qualifications
EXPERIENCE REQUIREMENTS:
- Bachelor’s degree with related experience and/or training. Work related experience must consist of information systems management and GLBA compliance experience in the financial services industry.
- Education experience, through in-house training sessions, formal school or financial industry related curriculum, should be business or financial industry related.
EDUCATION REQUIREMENTS:
- Bachelor’s degree in related field. Master’s degree is a plus.
- Professional security management certification as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials are preferred.
OTHER REQUIREMENTS (SKILLS, ABILITIES, CHARACTERISTICS):
- Advanced knowledge of Bank operations, related state and federal laws, rules and regulations and other Bank operational policies and procedures.
- Mastered experience, knowledge and training in progressively responsible information technology department operations, management and supervisory activities.
- Demonstrates strong business judgment and decision-making skills; ability to identify, prioritize and articulate highest impact initiatives.
- Excellent interpersonal skills, enabling the individual to successfully motivate and work with a diverse group of people. Enjoys working in a collaborative, team-based environment.
- Excellent organizational and communication skills. Must be able to explain technical concepts in simple terms to colleagues without a technical background.
- High level of problem-solving skills enabling individuals to take responsibility and/or risk to resolve situations where the outcome will reflect our commitment to quality and client satisfaction.
- Effective budget management.
- The Chief Information Security Officer’s success depends on the ability to work with executive leadership, key stakeholders, technical teams, business analysts, consultants, auditors, and vendors to manage projects, find solutions, maximize quality, and ensure security and compliance.
Additional Information
SUPERVISORY RESPONSIBILITY: No
WORKING CONDITIONS: Normal office environment
EOE Disability/Vets