Vice President – Information Security Officer

at Tri City National Bank

West Allis, WI 53214, USA

Start Date: Immediate
Expiry Date: 22 Jan, 2025
Salary: USD 110000 Annual
Posted On: 22 Oct, 2024
Experience: 2 year(s) or above
Skills: IT Operations, GIAC, Interpersonal Skills, Risk Assessment, Business Operations, Management Skills, Regulatory Standards, Maintenance, Measurements, Security Controls, Business Continuity, Testing, Business Initiatives, Remediation, CISSP, Disaster Recovery
Telecommute: No
Sponsor Visa: No

Description:

Overview:
Invest In You! Tri City National Bank is not just a bank; it’s your community banking partner, deeply committed to prioritizing customers, building strong relationships, and fostering a sense of belonging. Our team-oriented environment offers exceptional opportunities for personal and professional growth, celebrating success, and providing excellent benefits along the way. We believe in unparalleled customer service and the right banking solutions to help fulfill financial dreams and contribute to community growth.
The overall responsibility of the Information Security Officer (ISO) is to develop and manage the governance and compliance of an enterprise-wide information security program, ensuring system and data confidentiality, integrity, and availability while adhering to regulatory requirements and standards set forth by the NIST Cybersecurity Framework, CIS Critical Security Controls, FFIEC, and other government cyber defense agencies. The ISO will apply information security risk management to develop the program based on industry standards and regulatory expectations. The ISO will develop and manage the Information Security Program and provide IT Operations with references for related information security policies, procedures, and best practices. In addition, the ISO is responsible for the Third-Party Risk Management Program.

COMPENSATION: $110,000+ DEPENDING ON EXPERIENCE.

Responsibilities:

  • Evaluate and manage the dissemination of the Information Security Risk Assessment. Assist business owners with risk assessment evaluations of new projects and processes.
  • Develop the Cybersecurity framework in alignment with OCC regulatory standards (e.g., NIST Cybersecurity Framework) in coordination with IT Operations and other business owners with specific risk categories.
  • Responsible for assessing, monitoring and measuring mitigating security controls that protect overall system and data while continuing business operations.
  • Third Party Risk Management Program Manager, responsible for assisting management and business owners with conducting third party provider assessments, risk scoring, due diligence, and ongoing monitoring and maintenance of the program.
  • Maintain Business Continuity & Disaster Recovery Plan and Testing
  • Facilitate Business Continuity and Disaster Recovery Committee Meetings
  • Facilitate Information Security Risk Management Committee Meetings
  • Security Incident Response responsibilities: work closely with IT Operations to ensure evidence gathering, documentation and preservation are completed and documented appropriately, and assist with preparing a written summary of recognized incidents and corrective action taken.
  • Prepare Information Security Program Reports for the Board of Directors, including Bank risk appetite, measurements and effectiveness of mitigating controls.
  • Cyber Security Employee Awareness Trainer, responsible for the development and presentation of the program to company-wide employees.
  • Work closely with Audit and Regulatory Examiners, tracking remediation and results if necessary.

Qualifications:

  • A minimum of 5 years of progressive experience in cybersecurity, with at least 2 years in leadership roles.
  • Relevant certifications such as CISSP, GIAC or CISM are strongly preferred.
  • Deep understanding of security frameworks, protocols, and best practices. Proficiency in security technologies, risk assessment, compliance standards, and relevant regulations (e.g., NIST, ISO 27001).
  • Strong ability to influence and work cross functionally to drive business initiatives.
  • Strong understanding of current cybersecurity threats, trends, and best practices.
  • Excellent team leadership and management skills with a track record of building and leading high-performing cybersecurity teams.
  • Exceptional communication and interpersonal skills to engage with stakeholders at all levels of the organization.


REQUIREMENT SUMMARY

Min: 2.0, Max: 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

West Allis, WI 53214, USA