Information Security Officer

Merchants Bank


Job Location:

Lakeville, MN - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Merchants Bank has an opening for an Information Security Officer. This on-site position can work from any of our Merchants Bank branch locations in Minnesota or Information Security Officer (ISO) is responsible for leading and maintaining the Bank's information security program. This role oversees cybersecurity, regulatory compliance, risk evaluation, and reporting while supporting business objectives. The ISO serves as the Board-approved leader and works with the Chief Risk Officer and Executive Leadership to align security controls with acceptable risk 5 years of experience in information security management including specific experience in the following areas: audit and exam response incident response reporting and information security program development. 5 years of general IT experience or 3 years of general IT experience and at least a 2-year degree in information security and 2 years of supervisory experience desired. Must have excellent communication skills, proficiency in the Microsoft Office Suite, be highly organized and willing to investigate and Bank offers competitive wages and benefits for our full-time employees including health, dental, life, disability, and vision insurance; flexible spending accounts, 401(k) and ESOP retirement plans; bonus plan; paid time off; tuition reimbursement; and a variety of voluntary supplemental insurance options.
Please click on Apply Now or apply in person at any Merchants Bank location. Questions can be emailed to Bank is an Equal Opportunity Employer of women, minorities, protected veterans, and individuals with Summary: This role will be responsible for implementing and managing the information security program for the Bank.
The Information Security Officer is responsible for identifying, evaluating, and mitigating information security risk and reporting on legal and regulatory and IT Security (including cybersecurity) while supporting and advancing business objectives for the Company in alignment with growth and financial performance expectations. Must possess a sound knowledge of business management and a working knowledge of cybersecurity and systems covering the Company network and branch footprint as well as the broader digital ecosystem. This position is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, processes are protected in the environment in which we operate. This role will be the board-designated/approved Information Security Officer for the Company. A key element of the role is working with the Chief Risk Officer, the Chief Information Officer, and the Executive Leadership Team to determine acceptable levels of risk for the organization. Will proactively work with business units and managers to implement practices that meet agreed-on policies and standards for security. The Information Security Officer should understand and articulate the impact of all security systems on the business and be able to communicate this to the Board of Directors and other senior stakeholders. The Information Security Officer must be knowledgeable about both internal and external business environments and ensure that systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations. Serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity, and availability but also to the safety, privacy, and recovery of information owned or processed by the business in compliance with regulatory requirements.
This position understands that securing physical and information assets, associated technology, applications, systems, and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organizations is a business leader expected to maintain objectivity and a strong understanding that security and risk management are foundational but must be managed with balanced perspective about the ability of the business to deliver on its growth and performance goals and objectives.
Primary Responsibilities and Duties:
Security Governance and Awareness:
Provide regular reporting on the current status of all security programs to enterprise risk teams, senior business leaders, and the Board of Directors as part of a strategic enterprise risk management program thus supporting business socializes and coordinates approval and implementation of security-related policies. Direct the creation of information security awareness training program for all employees and approved system users and establish and monitor metrics to measure the effectiveness of this security training program for the different the consistent application of security policies and standards across all technology projects, systems, and services including privacy, risk management, compliance, and business continuity clear security risk mitigating directives for projects in conjunction with Enterprise Risk Management framework including the mandatory application of security the Function: Maintain and manage the organization's Information Security Program and procedures. Review the Vulnerability Management Program and recommend improvements as well as ensuring segregation of duty and adequate and timely closure of audit findings. Maintain and manage the organization's Identity and Access Management (IAM) Program and and manage the organization's Vendor Management Program and and manage the organization's Business Impact Analysis and Business Continuity Program (BCP) and procedures.
Maintain and manage the organization's Disaster Recovery Program and procedures to align with the BCP program. Ensure the organization's technical asset management and system configuration standards are in alignment with information security with business line leaders and business-related projects to ensure systems and the related processes and procedures meet the organization's security policies. Responsible for researching and maintaining appropriate risk management practices regarding information security and assist management in the organization's overall risk management process to follow regulatory requirements. Participate on behalf of the organization in general information security related and industry specific security information sharing responsibilities: Serve as collaborative liaison with Chief Risk Officer, Chief Information Officer & the IT organization on matters related to the budget for the information security the cost-efficient information security organization consisting of direct reports as defined within the Company's organizational design structure for Risk Management. This includes hiring, training, staff development, performance management, and timely annual performance reviews for any assigned direct oversight of staff assisting with providing vendor and access management.
Strategy Engagement:
Works effectively with Chief Risk Officer and all business units to facilitate security risk assessment(s) and risk management processes; sets expectations with business unit leaders to own and accept the level of risk that has been deemed appropriate by the Enterprise Risk Management Committee for their specific risk appetite. Oversee management of information security related vendors per the organization's vendor management program.
The employee will be expected to take responsibility to ensure that internal and external customers receive outstanding employee may be asked to perform other duties as required by business employee will be expected to complete compliance and product knowledge assignments in a timely and Abilities Required: 5 years of experience in information security management including specific experience in the following areas: audit and exam response incident response reporting and information security program development. Additionally, 5 years of general IT experience or 3 years of general IT experience and at least a 2-year degree in information security and 2 years of supervisory certification from an accredited association within the Information Security realm. Excellent written and verbal communication to create and use new and existing Spreadsheets, Word documents, PowerPoint, and other tools to provide reporting information to organization leadership. Highly organized, self-starter, curious and willing to investigate and Conditions: Little or no discomfort caused by environmental exposure to mental/visual fatigue resulting from research of complex systems travel may be unpredictable due to security response and research that must be performed outside of normal banking: Responsible for reporting to the Chief Risk Officer (CRO) for fulfillment of functions, responsibilities, and authority and for their proper have contact with the Executive Team, Board of Directors, regulators, auditors, department managers and staff bank-wide managers, end-users, and third-party vendors.

Required Experience:

Unclear Seniority

Key Skills

  • International Development
  • Information Systems
  • Community
  • Information Technology Sales
  • Corporate Recruitment