Citizens Bank - Oregon

Information Security Officer

  • Citizens Bank - Oregon
  • Corvallis, OR
  • Full Time
  • 15 days ago
Salary
N/A

Job Description

Benefits

Citizens Bank offers competitive compensation and outstanding benefits:

  • Medical, Dental, and Vision Insurance
  • 401(k) with Employer Matching
  • Employee Assistance and Wellness Program
  • Life, Short-term and Long-term Disability
  • Up to 11 Paid Holidays
  • Health and Dependent Care Reimbursement Accounts
  • Paid Time Off; Paid Family Leave
  • Banking Privileges


Position: Information Security Officer


Position Location

Citizens Bank – Main Branch

275 SW Third St

Corvallis, OR 97333


This position has the possibility of being a hybrid in-person/remote position after satisfactory performance during the initial phase.


Type: Exempt/Officer

Reports to: Department Manager


Description

The Information Security Officer (ISO) is responsible for overseeing and reporting on the management and mitigation of information security risks across the institution and is accountable for the results of this oversight and reporting. This position is responsible for ensuring employees understand and take appropriate action regarding existing and emerging information security risks that can negatively affect the organization's ability to achieve its strategic objectives.


The Information Security Officer will also be responsible for Third Party Risk Management (TPRM). This position is responsible for the maintenance and management of the Bank’s TPRM software & service modules collectively called the “System.” You will work closely with the Branch & Department Managers, Operations Officers, Audit, Compliance, the Executive Team, and regularly report to the Board of Directors Audit and Technology Committees.


Duties and Responsibilities

Developing, implementing, and monitoring the organization's Information Security and Third Party Risk Management Programs. This includes creating and/or maintaining policies, procedures, standards, guidelines, and/or templates.


Information Security

  • Ensuring the Bank's information security practices follow state/federal laws and regulations, as well as industry best practices.
  • Working with management to understand the flows of information, the risks to that information, and the best ways to protect the information.
  • Overseeing outsourced penetration testing to identify flaws, collaborating with Management and IT to improve security.
  • Responsible for the oversight of identified vulnerabilities and working with the IT Department to resolve them, ensuring that our network and data remain secure.
  • Performing risk assessments, analyzing business impacts, and providing education to employees and the Board of Directors as needed or when appropriate.
  • Manage security training modules, ensure all employees complete assigned trainings, and monitor phishing testing and alerts from our security education vendor.
  • Review messages held by the Proofpoint system for sensitive data and follow up as needed.
  • Updating Information Security Program and Information Security Risk Assessment for review/approval by the Board Technology Committee.
  • Assist IT Manager with review/update of the Wide Area Network (WAN) Services Policy and Computer and Cyber Security Incident Response Plan.
  • Track IT’s internal monitoring procedures to ensure they are updated at least annually.
  • Review vendor SOC Assessments for the Bank’s third parties.
  • Review and work with Compliance on GLBA, Red Flags, and IT Controls risk assessments for updates; ensure assessments are completed and residual risks match the Bank’s ERM Analysis.
  • Present pertinent information security items to the quarterly Board Technology Committee, including reports on Admin passwords and patch management.
  • Present ISO/Red Flags Report, which summarizes the key items in the Bank’s information security program, to the Audit Committee annually.
  • Work with IT to complete the Cyber Security Self-Assessment Tool annually.


Vendor Management

  • Maintain the original contract files and ensure records and files are all uploaded accurately in the System.
  • Onboard new vendors into the System
  • Review Risk Assessments, complete Due Diligence and Questionnaires
  • Upload contracts into the System.
  • Oversee management of policy settings within the System
  • Manage the review and updates of the Bank’s Third-Party Risk Management Policy and Program.
  • Monitor vendor Service Level Agreements
  • Information Security Privacy includes SOC & Cybersecurity assessments.
  • Set up workflows to communicate with Department and Branch Managers regarding tasks and reminders for respective contracts to ensure timelines are followed.
  • Review alerts and pull management reports from the System
  • Promote and train on the TPRM Program with Department Managers, Branch Managers, Executive Team and Board of Directors.
  • Provide support in regulatory audits & examinations, including interacting with auditors and examiners and providing responses and documentation as requested. Refer to the FFIEC IT Examination Handbook for requirements and more information.
  • Review auditor and examiner findings to draft responses with proposed timelines in collaboration with respective Departments.


General

  • Maintain the safety, integrity, and confidentiality of customer and Bank information.
  • Help maintain a safe and secure work environment.
  • Build, develop, and maintain partnerships with teammates and other departments to maximize effectiveness and to best serve our customers.
  • Regular and reliable attendance.
  • Comply with all applicable policies and procedures as well as governing laws and regulations. This includes but is not limited to performing all assigned duties under the Bank’s compliance program and related laws and regulations, and successfully completing all mandatory compliance training, including BSA and any other training as assigned, in a timely manner.
  • Other duties as assigned.

Required Qualifications

  • Bachelor's Degree in Computer Science, Management Information Systems, Cybersecurity; or CISSP, CISA, CISM, CISO or similar certification; or at least 3 years equivalent applicable experience in an information security role (Required)
  • Third Party Risk Management experience; CTPRP or similar certification preferred
  • Project Management background or skills
  • Strong knowledge of banking policies, procedures, and bank products/services
  • Experience working in a highly regulated and policy-driven work environment
  • Experience operating a Windows-based PC with Microsoft applications including Word, Excel, and Outlook.
  • Experience with general office equipment such as copier, scanner, fax, 10-key, filing systems.
  • Proficient knowledge of basic addition and subtraction.


Attributes:

  • Ability to build and maintain relationships with branch team members and vendors
  • Excellent customer service skills
  • Dedication to organization’s goals, objectives, cultural values, mission, and vision
  • Enjoy working in a diverse team environment
  • Works well with individuals and groups at all organizational levels and collaborates productively to get things done. A great teammate who presents oneself professionally and with confidence to establish trust, credibility, and respect with others.
  • Strong leadership, interpersonal, and written and verbal communication skills
  • Adaptable to change, self-motivated to create opportunities for learning
  • Applies strong critical thinking and problem-solving skills
  • Ability to communicate effectively in writing as well as verbally in-person and via phone.
  • Ability to prioritize tasks using strong time-management, personal and workspace organization, as well as the ability to seek guidance and resources to accomplish goals
  • Ability to work accurately with close attention to detail and consistency
  • Exhibit a professional, business-like appearance and demeanor


Working Conditions

  • Climate controlled office environment.
  • May be exposed to outside climate conditions and/or required to wear protective devices during site and property visits/inspections.
  • Work involves being able to concentrate on the matter at hand, under sometimes distracting work conditions, and frequent employee and customer contacts and interruptions during the day.
  • Work requires willingness to work a flexible schedule which may require evening work.


Physical Requirements

  • Work may involve the constant use of computer screens, reading of reports, and sitting throughout the day.
  • Ability to operate a computer keyboard, multi-line telephone, photocopier, scanner, facsimile, which often requires dexterity of hands and fingers with repetitive wrist and hand motion.
  • Typically sitting at a desk or table; intermittently standing, stooping, bending at the waist, climbing, kneeling or crouching to file materials and/or site/property inspections.
  • Occasional lifting 10 - 20 lbs. (files, boxes).

Disclaimer

Citizens Bank is an Equal Opportunity and Affirmative Action employer and is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, pregnancy, national origin, age, sexual orientation, gender identity, military or veteran status, or disability. All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment drug screening, which includes screening for marijuana. Citizens Bank is a federally regulated banking institution. At the federal level, marijuana is an illegal Schedule I drug; therefore, we will not employ any person who tests positive for marijuana, regardless of state legalization.
