Information Security Manager
: Job Details :

Job Description First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida. As the largest privately held bank in Illinois, we now have over 60 locations and assets of $5+ billion. We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy. Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century. First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations. The Information Security Manager is responsible for planning, creating, and maintaining the Bank's Information Security Program, and promoting a security environment that ensures the confidentiality, integrity, and availability of information managed by the Bank. In addition, this individual maintains ongoing risk assessments, leads the evaluation, and coordinates the adoption of risk-based and cost-effective mitigating controls. DUTIES & RESPONSIBILITES

• Implement and maintain an effective information security program as directed by executive management that supports corporate goals, financially responsible risk tolerance, and regulatory guidance.
• In collaboration with management, review and maintenance of Information Security policies and related standards and procedures.
• Oversee the administration of the Incident Response/Enterprise Disaster Recovery/Business Continuity Platform (BCP) and implementing process improvement initiatives.
• Monitor programs to assure uniform adherence to policies, procedures, and standards.
• Work with management of all organizational units and in developing and maintenance of information security risk assessments designed to identify and evaluate inherent risks, controls, and residual risks consistent with the Bank's risk tolerance.
• Manage the implementation of information security metrics and reporting processes and preparation of periodic reports to senior management.
• Manage and continual evaluation of, security controls, systems, and procedures to assess their effectiveness. Work with management to identify, develop, and execute plans to maintain adequate monitoring and address information security risks commensurate with the bank's risk tolerance.
• Develop, mentor, and manage a high performing staff of information security professionals. Directly manage the daily activities of employees within the department, coordinating and prioritizing requisite duties and daily assignments while appraising employee productivity and performance. Compose and deliver performance evaluations.
• Responsible for employee hiring, training, staff development, scheduling, and direct assistance with coverage of daily workloads when needed. Monitor work standards and adherence to company policies. Proactively deliver feedback to direct reports to promote staff development, and administer corrective action as needed.
• Provide advice and counsel to other organizational units during project or product development life cycle to ensure that risks are identified, and appropriate security controls are considered during vendor selection and process development, or improvement efforts.
• Develop, implement, and assess cybersecurity incident response plans.
• Ensure appropriate coordination exists with Business Continuity Programs and Disaster Recovery Plans and Cybersecurity Incidents Response Plans.
• Provide advice and counsel and collaborate with the Compliance Department to develop, implement, and maintain the Bank's Vendor Management. Participate in the review of reports of service organization controls and assist the business units in evaluating compensating end user controls.
• Educate Board members and stakeholders on cybersecurity-related matters to increase awareness and promote a culture focused on mitigating information security risks. Establish standards that ensure all employees receive mandatory training in information security awareness and information security policies, guidelines, and procedures.
• Participate in the preparation prior to regulatory examinations and audits and serving as an active respondent to questions which arise during an examinations and audits.
• Participate in other committees and projects to ensure the consistent application of policies and standards across all technology projects, systems, products, and services.
• Stay current with the changing threat landscape, technology trends, industry standards, applicable regulatory guidance, and best practices related to information security risk mitigation and communicating those concepts in an appropriate business context to management and the Board.
• Conduct and complete additional assignments/projects as designated by management.

QUALIFICATIONS

• Bachelor's Degree in a computer or technology related field, business, or related discipline is required.
• A minimum of five years' Information Security or Cybercrime related experience required.
• Demonstrated experience with Networking Design and Firewall management.
• Demonstrated understanding of current technology and regulatory trends affecting financial institution information security programs.
• Strong understanding of risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
• Demonstrated project management skills including the ability to manage multiple complex priorities and competing agendas without express authority over delivery teams.
• Knowledge of laws, cyber security standards, and compliance frameworks such as FFIEC, GLBA, ISO, NIST, COBIT, SOX, HIPAA, and PCI DSS, as well as emerging privacy laws.
• Demonstrated sound judgment as well as strong decision-making, analytical, and critical thinking skills.
• Possess the ability to respond to business needs with agility, a sense of urgency, and a commitment to high ethical standards, regulatory compliance, customer service and business integrity.
• Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to tailor the message appropriately to the audience and situation effectively. Must possess strong verbal and written communication skills to effectively interact with leaders at multiple levels and facilitate team interactions.
• Ability to bring key stakeholders together to achieve consensus rapidly and collaboratively on priorities and to develop paths forward to work through tasks and projects.
• Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
• Maintain credibility through professional demeanor, appearance, and presence by modeling standards appropriate to our environment and industry.
• Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
• Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
• Proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
• Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows as a result of system upgrades.
• This position requires regular travel to corporate facilities and Bank locations throughout the Chicagoland and Wisconsin branch network.
• Occasional out-of-state travel may be required.
• Typical schedule is Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
• Punctuality is required to maintain First American Bank's customer service standards.