SmartBank

Information Security Officer

On site

Franklin, United States

Senior

Full Time

09-09-2025

Skills

Communication, Leadership, Incident Response, Risk Management, Monitoring, Decision-making, Training, Risk Assessment, Organization

Job Specifications

Job Details

Description

Looking to join a Great Place to Work Employer and become a valued member of our growing team? At SmartBank, we're not just offering a job; we're inviting you to be a part of a culture built on excellence. In this role, you'll be responsible for providing oversight and management to protect the information assets of SmartBank and for actively working with business partners and service providers to institutionalize a solid security and overall IT governance framework.

Major Duties And Responsibilities

Core Values and Organizational Culture

Upholds SmartBank Core Values and Purpose.
Follows the practices outlined in the SmartBank Way, including acting, looking, and being smart.

Security Strategy Development

Design and implement a comprehensive information security strategy aligned with the organization's business goals and risk appetite.
Advise management on industry developments in business practice, technology, security issues and legislation that impact the company's security policy.
Edit and maintain the IRP plan and report changes to the appropriate committees.
Perform ongoing monitoring for the occurrence of security incidents, as well as prioritize resolution and follow up to confirm remediation of issues.
Develops, maintains, and coordinates the Bank's Business Continuity Program.
Develop and deliver organization-wide security awareness programs to educate employees on the best practices and promote a security-conscious culture.

Risk Management

Lead the Information Security risk assessments, evaluate, present and propose remediation solutions to the appropriate oversight committees.
Maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks to confidential information and information systems.
Assess the quality of cyber and information security controls, including physical controls that ensure both physical and logical security, and make recommendations to management for enhancements to address residual risks identified.

Policy and Governance

Develop, maintain, and enforce information security policies, standards, and procedures to ensure compliance with industry regulations (e.g., FFIEC, NIST, GLBA) and best practices.
Evaluate newly proposed security policies, partner with other business areas to identify the technology changes required to comply with them, and provide recommendations to management.
Partner with business lines and users to enforce corporate information security policy and procedures, aid in identifying risk(s) and associated controls required for ongoing processes, as well as proposed projects.
Provide regular updates to the executive leadership team and board of directors on the state of information security, including risks, incidents, and program performance.
Prepare the annual report to the Board of Directors that addresses the results of the risk assessment process; risk management and control decisions; service provider arrangements; results of security monitoring and testing; security breaches or violations and management's responses; and recommendations for changes to the information security program.

Vendor Management

Conduct due diligence to evaluate vendors' security practices before onboarding.
Assess risks associated with vendors' access to data, systems, or services (e.g., data breaches, non-compliance with regulations).
Verify that critical vendors meet SmartBank's security policies and regulatory requirements.

Education

Position Requirements and Qualifications:

Bachelor's degree in Business, Information Technology, Computer Information Systems, Computer Science, or equivalent is required.
Ten years of relevant work experience in information security and the financial services industry.
Experience with Business Continuity Planning, Incident Response Planning and Vendor Due Diligence.

Training Requirements (Licenses, Programs, Or Certificates)

ISACA Certified Information Security Manager (CISM), ISC2 Certified Information Systems Security Professional (CISSP), or an equivalent certification required.

Knowledge, Skills, And Abilities

Experience and knowledge of application and operational security systems, security audits, and vulnerability assessments.
Ability to apply knowledge and sound judgment in decision-making using established guidelines.
Knowledge of regulations and guidance as they pertain to privacy, information security and risk management.
Strong written and oral communication skills.
Detail-oriented, with the ability to work independently or within a team environment as the job dictates.
Ability to weigh business risks and enforce appropriate information security measures.
High level of integrity and confidentiality.
Ability to troubleshoot and resolve issues.
Ability to multitask and handle various requests and tasks at a time.

Work Conditions

Ability to stand for long periods of time as needed.
Frequently and regularly required movements using wrists, hands, and/or fingers.
Average, ordinar

About the Company

SmartBank emerged in January 2006, when long-time executive bankers Bill Carroll and Billy Carroll decided to start the process of organizing a bank with the image, values and service level that would become incomparable to any other bank in the market. SmartBank opened its first office in January 2007 in Pigeon Forge, Tennessee. Today, SmartBank has 42 branches spanning Tennessee, Alabama and Florida. Recruiting the best people, delivering exceptional client service, strategic branching and a conservative and disciplined ap...