Information Security Officer

Overview

On Site
Full Time

Skills

Information Systems
Data Processing
Educate
Incident Management
Testing
Auditing
Managed Services
Risk Assessment
Vendor Management
Due Diligence
Risk Management
Internal Auditing
Documentation
Training
Regulatory Compliance
Honesty
Accountability
Adaptability
Information Security
IT Risk Management
IT Risk
IT Audit
CISA
CISSP
CISM
ISACA
Gramm-Leach-Bliley Act
FFIEC
Sarbanes-Oxley
Cloud Security
SIEM
Penetration Testing
Cyber Security
Facilitation
Decision-making
Security Awareness
Communication
Organizational Skills
Management

Job Details

Job Location
Bank First Manitowoc - Manitowoc, WI

Secondary Job Location(s)
Bank First Cedarburg - Cedarburg, WI; Bank First Howard - Howard, WI; Bank First Oshkosh - Oshkosh, WI; Bank First Sheboygan - Sheboygan, WI

Description

POSITION SUMMARY:

The Information Security Officer is responsible for developing, implementing, and maintaining a comprehensive information security program that safeguards the confidentiality, integrity, and availability of the bank's information systems and customer data. This role oversees the creation and enforcement of policies, procedures, and controls related to electronic data processing and cybersecurity, ensuring compliance with regulatory requirements and industry standards. This position serves as the primary point of contact for information security matters, collaborates with other departments to identify and mitigate risks, and reports annually to the Board of Directors on the effectiveness of the information security program. The Information Security Officer also leads efforts to educate staff on security awareness and best practices, ensuring the bank remains resilient against evolving threats and vulnerabilities.

RESPONSIBILITIES:
  • Develop and implement information security strategies, including vulnerability assessments, penetration testing, and cybersecurity awareness and training.
  • Assist in reviewing and updating the Bank's Information Security (IT) Risk Assessment. This includes incorporating new systems/processes into risk assessment. Ensure control assessments are assigned and completed promptly.
  • Assist in the preparation for external audits, regulatory exams, and third-party vulnerability assessments and penetration testing.
  • Chair the Bank's Information Security Committee.
  • Maintain the Bank's Information Security Incident Response Plan. Coordinate incident response activities as needed.
  • Engage independent third parties to conduct testing of key controls and systems. Provide updates to the Information Security Committee, the Audit Committee, and the Board of Directors.
  • Work closely with the Managed Services Provider on remediation of vulnerabilities and information security efforts.
  • Conduct risk assessments, identify vulnerabilities, and recommend mitigation strategies to reduce risk to the bank's information assets.
  • Assist with the vendor management processes related to information security, including due diligence and ongoing monitoring of third-party service providers.
  • Work closely with Enterprise Risk Management and Internal Audit.
  • Ensure staff receive regular security awareness training and maintain documentation of training completion.
  • Work closely with IT, Risk, Compliance, and other departments to ensure comprehensive coverage of information security across the organization.

Qualifications

COMPETENCIES:
  • Honesty, Integrity & Ethics - Demonstrates fairness and transparency, guided by moral principles and the organization's code of conduct.
  • Accountability - Willingly accepts responsibility for actions, decisions, and outcomes.
  • Adaptability - Adjusts effectively to change and remains flexible in dynamic work environments.
  • Decision Making - Selects sound courses of action while managing resources and expenditures efficiently.
  • Interpersonal & Customer Orientation - Builds strong relationships and focuses on meeting the needs of both internal and external clients with empathy and trust.
  • Priority Setting - Assesses task urgency and interdependencies to effectively manage workload and meet deadlines.
  • Detail Orientation - Pays close attention to all aspects of a task, ensuring thoroughness and precision.
  • Accuracy - Consistently produces error-free work aligned with organizational standards and quality expectations.

SKILLS/KNOWLEDGE/ABILITIES:
  • 7-10 years of progressively responsible experience in Information Security/Information Technology, Risk Management, or IT Audit.
  • CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.
  • Experience developing, implementing, and maintaining enterprise-wide security programs and policies.
  • Working knowledge of regulatory requirements and laws, such as, but not limited to, GLBA, FFIEC, and SOX.
  • Familiarity with security architectures, cloud security, SIEM, IAM, and penetration testing.
  • The ability to explain complex cybersecurity issues to non-technical audiences, facilitating informed decision-making, and fostering a culture of security awareness.
  • Strong written and verbal communication, interpersonal, time management, and organizational skills.

This job description does not constitute an exhaustive list of responsibilities, competencies, and skills. Management may revise this job description at any time.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.