Reporting to the Director of Operational Risk, Information Security & Vendor Management, the Information Security Risk Manager is responsible for assisting the Director of Operational Risk, Information Security & Vendor Management with maintaining and continually enhancing the Bank's information security and second line testing programs. In particular, responsibilities include the development, coordination, implementation, governance, and ongoing management of enterprise-wide policy and controls.
Utilize industry experience and knowledge to provide expertise and support to ensure the Bank's information security program remains in compliance with applicable standards and regulations, including evolving data privacy regulations.
Adhere/enhance control testing processes to ensure information security, risk, and vendor management policies are adhered to.
Assist with the management of cyber security compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber risk. Assist with completion and maintenance of the Bank's FFIEC Cybersecurity Assessment Tool and IT Risk Assessment.
Perform assessments of the current information security and Information Technology framework and develop guidance that addresses gaps.
Assist with development, evaluation, and adherence to IT, risk, and information security policies, standards, and procedures. Socialize policy & control recommendations to stakeholders across the enterprise in order to gain acceptance.
Support the completion of risk assessments of IT processes and products to ensure that they align with Bank policies and objectives.
Participate in information security, vendor management, and risk related projects and initiatives.
Assist with the collection and review of vendor due diligence materials in line with GLBA and TSP regulatory guidance.
Assist with tracking and resolution of internal audit and examination findings related to risk, information security, and vendor management.
Maintain and effectively utilize the Bank's Enterprise Risk Management Software System.
Assist with the annual facilitation of Incident Response tabletop exercises.
Organizes daily department activities and supervises Information Security staff. Conducts performance reviews and provides for ongoing guidance, training, and direction to staff in developing and implementing plans and objectives.
Stays up to date on industry trends, represents the Bank through active participation in community and industry organizations, and participates in user groups and conferences, as needed.
Performs related and unrelated duties as may be required.
5+ years of experience in Bank-specific information security, risk, and/or audit areas
Comprehensive knowledge of technology auditing process, GLBA compliance requirements, and technology risk assessments
Internal Audit, IT Assurance, and/or FDIC/OCC Regulatory experience required
Working knowledge of applicable laws, regulations, and standards relating to security, data privacy, and vendor management
Knowledge of bank operations and bank technology applications
Effective communicator, relationship builder, and advocate for sound risk mitigation practice
Strong organizational skills
Management and supervisory experience required
Middlesex Savings Bank is an EO/AA Employer: Min/Fem/Vet/Disabled