Information Security Officer
Fortis Bank · Midvale, UT · 1 wk ago
Information TechnologyFull-time
Responsibilities
- Develop, implement, and maintain the bank's information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.
- Lead risk assessments, vulnerability management, and security incident response efforts, including coordination with internal teams and external partners during security incidents.
- Oversee the design and execution of security controls for IT systems, networks, cloud environments, and third-party vendors.
- Conduct regular security audits, IT risk assessments, penetration testing, and compliance reviews to identify and remediate potential weaknesses.
- Collaborate with senior leadership to integrate security into business processes, including new product launches and technology acquisitions.
- Manage security awareness training programs for employees and ensure ongoing education on emerging threats.
- Prepare and present reports on security metrics, risks, and compliance status to executive management and the board of directors.
- Manage the business continuity/disaster recovery program for the Bank, including annual tabletop exercises.
- Stay abreast of evolving cyber threats, regulatory changes, and technological advancements to proactively enhance the bank's security posture.
- Cook up with regulators during examinations and audits, ensuring timely response to findings and implementation of corrective actions.
Requirements
- Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
- Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
- Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
- Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
- Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
- Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
- Able to work in a fast-paced environment and manage multiple priorities effectively.
- Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
- Strong written and verbal communication skills.
- Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
- Strong written and verbal communication skills.
- A positive and collaborative approach with both peers and management.
- Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm.
Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
- Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
- Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
- Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
- Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
- Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
- Able to work in a fast-paced environment and manage multiple priorities effectively.
- Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
- Strong written and verbal communication skills.
- Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
- Strong written and verbal communication skills.
- A positive and collaborative approach with both peers and management.
- Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm.
Skills
- Strategic thinking
- Regulatory compliance
- Risk assessment
- Security incident response
- IT system security
- Cloud environment security
- Third-party vendor security
- Security audits
- Penetration testing
- Compliance reviews
- Business process integration
- Security awareness training
- Business continuity/disaster recovery
- Evolving cyber threats
- Regulatory changes
- Technological advancements
- FDIC examinations
- Financial statement audits
- IT general controls audits
- Compliance reviews
- Security frameworks (CIS 8.1, NIST CSF 2.0)
Benefits
- Competitive salary commensurate with experience.
- Employee stock purchase plan.
- Health, dental, and vision insurance.
- 401(k) retirement plan with company match.
- Flexible work schedule.
- Professional development opportunities.
- Work-life balance initiatives.
Pay
- Competitive salary commensurate with experience.
Schedule
- This position is required to be in the office 5 days per week.