Information Security Officer
Location: Kennebunk, Maine
Come and work with us at Kennebunk Savings. We value your professional expertise and appreciate you as a member of the community. You can be yourself here and use your passions, knowledge, and skills to help customers and advance your career. Is it any surprise we love what we do? We think you will, too.
What does a Commercial Underwriter do?
Under the broad guidance of the Chief Risk Officer, this position identifies information security risks and ensures that the company’s data, as well as the non-public personal information (NPPI) of our customers, is effectively protected from unauthorized access/use. This position oversees the physical security program, audit and FDICIA programs and manages the vendor review process to ensure adherence to regulatory expectations of any vendor with access to Bank systems or NPPI. This position serves in a manager capacity and is responsible for organizational, people and financial management activities.
Direct the Company’s Information Security and Physical Security Programs:
- Develop and maintain effective information security policies and standards.
- Develop and implement a cybersecurity strategic plan in conjunction with the IT strategic plan.
- Oversee security awareness and information security training throughout the organization.
- Serve as Chair of the Information Cybersecurity Committee (ICC).
- Manage information security risk assessments completed either in-house or by a consultant.
- Identify and communicate information security risks and make recommendations to mitigate risks to the CRO and ICC.
- Working with the CRO, manage and maintain an effective Incident Response plan for the organization.
Oversee the Company’s FDICIA Controls Program and Independent Audit Coordination:
- Ensures the effective management and implementation of FDICIA controls and assessment of controls to comply with FDICIA year-end financial statement attestation.
- Oversees the monitoring and facilitation of updating internal control documentation, testing and control remediation.
- Oversees the routine reporting of FDICIA program to Senior Management and Audit & Risk Committee.
- Oversees enterprise risk management activities, including:
  - Audits, exams and compliance and loan reviews
  - Issue Tracking Database
  - Risk management software applications and Kennector sites
- Organizational Management – Develops and implements effective short and long-term strategies to address key issues and achieve organizational goals
- People Management – Builds strategic relationships among teams, departments and business lines. Encourages others to seek innovative approaches to address problems and opportunities. Facilitates the implementation and acceptance of change within the workplace
- Financial Management – Develops and directs organizational financial and budget activities for maximum profitability.
Other Duties and Responsibilities
- Promotes the Kennebunk Savings Brand by recommending our products and services, supporting our community focus & commitment to being a premier employer
- Understands, supports and adheres to applicable organizational policies/procedures and state/federal regulations
- Consistently emphasizes the importance of teamwork in the department and company at large
- Responsible for keeping abreast of company news and information
- Responsible for completing required training and policy review
- May serve on various committees
- Willingness to take on additional tasks and duties
Desired Knowledge, Skills & Abilities
- Solid knowledge of various information security frameworks
- Ability to educate a non-technical audience regarding various security measures
- Displays high level of regard for trust and confidentiality
- Proficient in Microsoft Office Products
- Displays strong written and verbal communication skills
- Displays strong organization skills and the ability to multi-task to meet established deadlines
- Demonstrates a high level of accuracy and attention to detail
- Effectively uses analytical skills to solve technical as well as non-technical problems
- Prior knowledge of regulations within the financial services industry is preferred
- Ability to adapt to change
Desired Job Experience
- Minimum of 8+ years of varied information technology experience is required. Applicable experience includes, but is not limited to, computer and networking infrastructure, operating systems, application software development, project management, regulatory compliance, risk management, and delivering training.
- 2+ years of direct experience in information security-related duties is required.
- Bachelor’s Degree in Information Technology or Security field.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Working Conditions/Minimum Physical Requirements
- Physical surroundings are generally pleasant and comfortable with minimal exposure to injury or other hazards
- Dexterity of hands and fingers to operate a computer and other office equipment
- Lifting and moving of moderately heavy objects on occasion
- Normally seated for extended periods of time
- Job family: Risk Management
- Pay Type: Salary
- Travel Required: No
External and internal applicants, as well as position incumbents who become disabled as defined under the Americans with Disabilities Act, or Maine/New Hampshire Human Rights Commissions, must be able to perform the essential job functions (as listed) either unaided or with the assistance of a reasonable accommodation to be determined by management on a case-by-case basis.