Information Security Manager

The Information Security Manager is responsible for overseeing the Bank’s information security and data privacy functions, ensuring the confidentiality, integrity, and availability of systems and data.  This role leads security monitoring, risk assessments, vulnerability management, audit response, and incident remediation while ensuring compliance with internal policies and applicable regulatory requirements.

• Manage daily information security monitoring activities and oversee responses to security alerts, incidents, and threats.
• Monitor databases, systems, and networks for suspicious or unauthorized activities and initiate corrective actions as needed.
• Review exception reports, investigate anomalies, and ensure timely remediation of deficiencies.
• Modify security configurations, access controls, and user permissions to reflect system changes, new software, or role changes.
• Supervise and direct the daily work of the Information Security Officer and Information Privacy Administrator, including task assignments, priorities, and performance guidance.
• Provide ongoing on‑the‑job training and cross‑training to ensure operational continuity and adequate backup coverage.
• Serve as escalation point for information security and data privacy issues.
• Identify potential security risks and vulnerabilities across systems, applications, and data environments.
• Conduct regular risk assessments and implement appropriate mitigation strategies.
• Monitor adherence to internal security policies, industry standards, and regulatory requirements.
• Respond to internal and external information security audit findings and coordinate remediation efforts.
• Review violations of computer security procedures and ensure corrective actions prevent recurrence.
• Monitor implementation of new systems and applications to ensure security controls are embedded in design and deployment in accordance with Bank policy.
• Confer with users, system owners, and management regarding data access requirements, security concerns, system changes, and remediation actions.
• Serve as an internal consultant on data security, business continuity, and disaster recovery matters.
• Coordinate penetration testing, vulnerability scans, and Bank‑wide risk assessments with internal teams and third‑party vendors.
• Track findings, manage remediation plans, and validate resolution.

Education/Experience:

Requirements

1. Bachelor’s degree or equivalent in Computer Science, Management Information Systems or a related field of study
2. 6+ years of experience in System Security Administration or Data Security experience.

Combination of education and experience will be considered. 

Soft Skills

1. Must possess strong organizational, analytical, interpersonal, problem solving, written and verbal communication skills.
2. Must be able to handle confidential and sensitive information. Computer proficient in MS Software, (e.g. Excel, Word, and Outlook).
3. Should be familiar with Microsoft Active Directory, iSeries Administration, and JH Products.
4. Knowledge of website administration and vulnerabilities, MS SQL Knowledge,

Preferred Experience

• Ability to work with various SIEM tools (Arctic Wolf, CrowdStrike Imperva is a plus).

Licenses/Certifications

• CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are a plus or must be obtained within a year of employment in the job function.