Chief Information Security Officer

Summary:

Responsible for developing and implementing a comprehensive cybersecurity strategy for the Bank. Including, establishing security policies, managing security risks, and ensuring compliance with regulations and standards.

Qualifications:

Education: Bachelor of Science in Information Security, Computer Forensics or related field.

Licenses/Certifications: Certified Information Systems Security Professional ("CISSP"); Certified Information Systems Auditor ("CISA"); Certified in Risk and Information Systems Control ("CRISC"); Certified Information Security Manager ("CISM"); or other equivalent certification required.

Experience: A minimum of seven years of experience in information security. Advanced knowledge of GLBA and compliance related regulations requirements and knowledge of applicable banking policies, procedures, laws, and regulations. Managerial experience must evidence a high level of proficiency at: leading geographically dispersed teams of employees, developing junior staff, and appropriately addressing underperforming staff in close partnership with Human Resources.

Essential Functions:

A: Job Specific:

• Develop and implement a comprehensive information security/cybersecurity strategy aligned with the organization's business objectives.
• Conduct risk assessments, identify vulnerabilities, and develop mitigation plans.
• Establish and enforce security policies, procedures, and protocols, ensuring compliance with industry regulations and standards.
• Lead incident response efforts, including investigation, containment, and recovery.
• Educate employees on security best practices and promote a security-conscious culture.
• Work with other executives and stakeholders to integrate security measures into business operations and communicate security status to the board and other stakeholders.
• Evaluate and implement new security technologies and tools.
• Complete the annual Customer Information Security Program Risk Assessment and Report of the Information Security Officer to the Board of Directors, documenting risks, results of audits and assessments, and breaches.
• Participate in the design and oversight of an Identity and Access Management Program that encompasses all bank applications.
• Participate in Business Continuity Plan (BCP) Committee meetings, oversee the BCP updates and Business Impact Analysis, and ensure that annual BCP Testing per the BCP Test Plan occurs and is adequately documented.
• Responsible for the on-going development of the department members.
• Partners with HR in recruitment efforts, as well as, managing performance; to include but not be limited to; corrective action and/or development plans, evaluate performance and develop staff members, identify training needs and performance issues.

Knowledge/Skills/Abilities:

• The ability to communicate effectively and clearly, both in verbal and written communications, as well as, present information to groups of managers, employees, customers, and the general public.
• Excellent interpersonal skills.
• Excellent problem solving skills.
• Strong knowledge of the business area(s) that are being supported.
• Self-directed and motivated.
• The ability to manage multiple tasks.
• The ability to calculate figures as it relates to accounting processes.
• Strong leadership skills.
• The ability to manage multiple tasks.
• Technical writing, to include reports, procedure manuals, articles for publication, training documents, policies and procedures, and legal documents.
• The ability to read, analyze and interpret financial statements, government regulations, professional journals, etc.
• Must have ability to analyze and solve complex problems, develop automated systems.
• Ability to respond to common inquiries or complaints from employees, customers, regulatory agencies, or members of the business community.
• Experience in risk management and incident response.

Sutton Bank is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, pregnancy, disability or protected veteran status.