Information Security Officer « ISACA San Antonio / South Texas

Information Security Officer

FUNCTION:

The Information Security Officer is responsible for Jefferson Bank’s (the Bank) Information Security needs, implementing corporate Information Security Awareness programs, managing security policies and procedures, and developing best practices. The Information Security Officer will position the security organization to provide an efficient, effective and up-to-date risk management environment in support of corporate goals. Responsible for developing, updating, and enforcing the Bank’s Information Security Policies to ensure that the Bank is providing adequate protection over their information assets and is following all regulatory requirements.

DUTIES & RESPONSIBILITIES:

Develop, maintain, and enforce information security policies, procedures, and standards within all operational areas of the Bank.
Develop, conduct, and maintain “Risk Assessment” program.
Perform an annual information security self-assessment for presentation to the Boards of Directors.
Ensure that information security is adequately addressed in the development stage of any new technology.
Ensure compliance with established information security policies, procedures, and standards through ongoing monitoring process.
Review and approve user requests to the company’s information systems, assessing the compatibility of the requested user access with the user’s job responsibilities.
Evaluates effectiveness of security tools and testing methods.
Responsible for the analysis, design, implementation, documentation, and maintenance of the systems that protect and ensure the safety of the Bank’s information assets.
Analyze and complete multiple projects ranging across the various platforms as defined by Information Security or development projects.
Effectively represent Information Security as a leader in the implementation of new technology regarding the protection of the Bank’s information assets.
Evaluates development project design requirements to identify any potential impact to Information Security and prepare recommendations detailing those efforts.
Design and develop systems that monitor system security, provide management reports and identify situations where manual intervention is required.
Develop and document security procedures used by security administrators and coordinators in on-going administration of new platforms.
Assures that adequate security controls are in place to protect the confidentiality, integrity, and protection of computer systems, data, software and hardware. Monitors and assures the data integrity and internal security of information linked to outside sources through communication processes.
Effectively communicates and implements security controls between the IT team and business units.
Provides authorization and approval of user access (setup, modifications and terminations) for all applications related to business units within the Bank.
Project Management and Change Control – Manage projects related to the implementation and support of hardware and software as needed. Assist in the development and implementation of systems change control.
This job description is not intended to be all-inclusive, and the employee will also perform other reasonably related business duties as assigned by the immediate supervisor and other management as required. Also, these duties and responsibilities will change as business conditions and technology mandates such change.

MINIMUM QUALIFICATIONS:

WORK EXPERIENCE:

Required

1 – 2 years of broad application standard, security principles, theories, concepts, techniques and strong diagnostic skills usually acquired through experience.
Strong communications and analytical skills.

Preferred

Previous Telecommunications LAN, WAN engineering or other technical field, and previous security experience.
Knowledge of banking systems and departmental functions.