Information Security Officer
Ref No.: 18-03301
Location: Miami, Florida
Position Type: Contract to Hire
The Information Security Officer is responsible for the planning, design and enforcement of information security risks, policies and guidelines, and performs comprehensive information security risk assessments. This position identifies, assesses and collaborates to mitigate information security related risks, and builds and adjusts risk framework elements to integrate them into the enterprise risk management program framework. This position ensures the Information Security Program is developed and maintained. Keeps current with new regulatory requirements and develops policies and procedures to ensure compliance and consistency. Researches, analyzes and recommends new cyber risk and information security technologies, procedures and policies. This position performs all essential duties in compliance with regulatory requirements as well as Bank policies and procedures.
Essential Duties:
  • Maintains and enforces the information security and cybersecurity risk management frameworks/methodologies
  • Establishes and maintains the Information Security Program, the system risk management policies and the Information Security Policy and Standards
  • Improves and promotes Information Security related activities
  • Contributes to the development of business unit strategy by providing a view on potential improvement for information security risk and compliance policies and procedures, including an assessment of the existing situation and anticipated changes in the external environment
  • Develops and implements effective processes to identify, measure, report, track and remediate risk related issues
  • Directs and participates in the revisions and delivery for annual approval of the Information Security Policy/Program, GLBA and security report to the Board of Directors
  • Cybersecurity Incident Response Program Management: Reviews potential Intrusion Detection events, malware analysis, high severity security events, plans and initiates the response actions as required, and provides updates to the Audit Committee
  • Manages the Cyber Security Response Team in the event of a technology emergency or breach of confidential information. Coordinates incident investigation and remediation with internal and external resources
  • Constantly updates the cyber security strategy to leverage new technology and threat information
  • Manages the bank's CAT (Cyber Assessment Tool) and makes recommendations in areas where the controls should be enhanced
  • Reviews user access certifications to verify application entitlements are appropriate for each user's role and responsibilities.
  • Provides information security, risk management, technical advice, and counsel to the IT Department
  • Manages all IT security audits and external third-party assessments (e.g., penetration tests, social engineering assessments, targeted assessments) presenting results to the Audit Committee or the Board of Directors as applicable
  • Manages tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with the Information Technology Manager. Recommends appropriate policy, standards, process and procedural updates as part of comprehensive remediation

  • Bachelor's degree
  • Minimum 5 years of experience in the IT risk management and/or IT audit related activities of the financial industry. CISSP, CISA or CISM accreditation preferred. At least 3 years direct experience in information security
  • 2-3 years of experience preferred in a compliance or regulatory environment related to security and privacy including security compliance frameworks and standards such as FFIEC, GLBA, NIST, ISO, SOX