Information Security Officer | Onsite in College Station, TX

Vaco Technology
 Remote
Job posting is no longer available

***Information Security Officer***

***Onsite in College Station, TX - 77845***

Job Description

The Information Security Officer ("ISO") is a senior-level professional responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this risk management role is to ensure the execution of Information Security directives and activities in alignment with client's Information Security Program and to remain in compliance with all Regulatory requirements.

Key Responsibilities

  • Demonstrates understanding of client's Information Security standards and best practices.
  • Communicates and recommends relevant updates and changes to client's Information Security standards and processes with the business.
  • Establishes relationships with business managers and is consulted as a subject matter expert in Information Security.
  • Influences decisions made by various Committees through recommendations and strong interpersonal skills.
  • Performs ISO-related tasks across the client Information Security Program and ensures that deliverables are completed per applicable project timelines.
  • Documents all suspected, identified, and reported security incidents (SIRTs). When needed, assists the Incident Response Team on investigation and triage tasks.
  • Responsible for responding to security events by ordering emergency actions to protect the institution and its customers from imminent loss of information. Work with insurance companies and assist in the preparation of breach notification letters to clients/Regulators/etc., as needed.
  • Receive and review Managed Security Service Provider SecurLOG alerts (i.e., Windows, firewall, intrusion detection, etc.).
  • Assists in documenting corrective action plans for all Information Security-related gaps and reviews evidence prior to submitting issues for closure to ensure they meet client's technical and audit requirements.
  • Works with the business to manage Information Security risk by analysing the root cause, impact, and likelihood of issues, and then supports the business in implementing corrective action plans, risk exceptions, and/or compensating controls where appropriate.
  • Partners with the Chief Technology Officer to ensure vulnerability assessments are completed and issues are remediated, or risks accepted in accordance with client's Information Security Program.
  • Review and recommend changes or enhancements to the IT Risk Assessment, Cybersecurity Assessment Tool, Ransomware Self-Assessment and any other policy or risk-based technology and security framework material with a focus on overall security protection and improvement.
  • As required by State or FDIC regulators, the Information Security Officer may serve as the primary point of contact for Information Security-related topics and provide Information Security deliverables during all internal and external regulatory audits and examinations.
  • Assists the business in ensuring that Information Security-related audit issues, identified through internal or external audits, are addressed in a timely manner.
  • Provides general Information Security awareness training to business partners on relevant current and emerging Information Security risks.
  • Advises the business of the appropriate controls for safeguarding sensitive information based on client's Information Security standards and the Information Security risks inherent and/or affecting the information assets.
  • Participate as a member on all Committees relevant to this job description.
  • Assist in the review of IS/Cyber insurance policies.
  • Assist with the completion of the annual GLBA IS/IT Report.
  • Assist with ongoing role-based security reviews to ensure least privilege access is deployed across the client.
  • Make recommendations to enhance user and group security across all application platforms.

Qualifications

  • Bachelor's degree/University degree or 10+ years of relevant experience
  • Master's degree preferred
  • CISA, CISM and/or CISSP certification is desired
  • Proficient in interpreting and applying policies, standards, and procedures
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Excellent problem solving and proven analytical skills