Information Security Manager

Leading Bank hiring Information Security Manager

Job Summary:
Manage the analysis, design, development, test, documentation, and implementation of information and network security solutions. Take a leadership role in the development of new security strategies and support of existing systems with an eye toward protecting information on a need to know basis. Whenever appropriate, coordinate the analysis and design of automated security monitoring and alerting systems. The position requires analysis of business process and application software, which affect the integrity, functionality, and reliability of the bank's network and systems. Develops solutions, which provide cost justified security benefits of protecting business information. In the case where a security measure is not apparently cost justified the position must be able to articulate the case for the added need.

Major Responsibilities:
The information / network security manager is a key position in the initial analysis and design of security required to support the business systems. The position is responsible for hiring and directing staff, maintaining good client support, and preserving the integrity of the computing resources.

1. Strong risk management background
2. COBIT 5.0 and Risk IT
3. OCTAVE - (Operationally Critical Threat, Asset and Vulnerability Evaluation)
4. NIST 800 series
5. ISO 27001, 27002 and 27005
6. Risk classification/assessment execution and scoring methodologies for inherent and residual risk
7. Building and executing Governance, Risk and Control (GRC) frameworks
8. Advanced Archer implementations
9. IT Risk Metric and KPI development and management (advanced risk score carding)
10. Information security governance and oversight models
11. Information Security third party risk management program design and execution
12. Information Security Audit/Regulatory compliance

Level of Skill and Type of Experience:
Work experience in the areas of information security, IS auditing, data processing operations, systems development and/or computer programming. (Note: the person must have a minimum of 5 years experience in information security, 7 years experience in the other fields and/or be able to thoroughly demonstrate the skills necessary.)

The Manager should also have working knowledge of:

1. Knowledge of several operating systems and corresponding security systems in use at the bank. Maintain certifications for security and information systems.
2. Outstanding oral and written communications skills. This includes the ability to make formal stand-up presentations to all levels of Bank management, and to prepare detailed project proposals which include detailed justifications, cost estimates, manpower requirements, etc.
3. A demonstrated ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.
4. Knowledge of most banking concepts and theories.
5. A thorough knowledge of security software packages and operating systems in use at the bank, networking concepts, and information security principles.
6. Have a thorough understanding of personal computers and software productivity packages like MS Office, Access, Excel, and terminal emulation software.

Principal Inside and Outside Contacts:
Inside the organization: the primary contacts will be with branch and administrative users of the Bank's computer resources, Technical Support, Systems Development and Computer Operations. Outside the organization: the primary contacts will be with information security personnel at other companies and user groups. Vendor support contacts and technical sales staff.

Certifications:
• CISSP - Certified Information Systems Security Professional
• CISM - Certified Information Security Manager