RT-Connections, LLC

TITLE OF JOB: INFORMATION SECURITY OFFICER

SUPERVISOR'S TITLE: VICE PRESIDENT, RISK MANAGEMENT

POSITION STATUS: EXEMPT

Responsible for the Cybersecurity / Information Security function throughout the bank to ensure protection from internal and external corruption or invasion of corporate data and information systems, and to protect and safeguard company and customer information.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

1. Develop and implement Cybersecurity / Information Security policies and procedures related to the platform and applications under domain.
2. Identify legal and Regulatory requirements and organizational policies, procedures and standards related to the Information System Controls and Cybersecurity / Information Security to determine their potential impact on the business objectives.
3. Identify potential threats, vulnerabilities and exposures for business processes and any associated data in order to assist in the evaluation of the enterprise risk.
4. Develop, recommend, and implement control systems and solutions to ensure security of data and critical information against unauthorized modification, destruction or disclosure.
5. Evaluate all data security systems for vulnerabilities, develop/implement data and information risk assessment programs, and develop/implement security best practices as appropriate.
6. Identify IT architecture and ensure that technical architecture and operational security requirements are in conformance with policies and procedures.
7. Perform risk analysis for data security development projects.
8. Implement techniques for integrating risk management and IS Controls into business and IT processes and cost-benefit analysis for mitigating risks to acceptable levels.
9. Evaluate security protection products to determine the applicability of the product to the company's environment.
10. Identify, evaluate and review risk response options to provide management with information to enable risk response decisions for validation of efficiency, effectiveness and economy.
11. Develop and implement a security awareness program to provide guidance and training to employees to ensure compliance with standards and policies for data integrity and applied systems.
12. Develop and implement Social Engineering and Phishing Campaigns to test the security awareness program and provide guidance and additional training to employees.
13. Act as a backup for updating of the bank PAYplus systems with the Office of Foreign Assets Control SDN & Blocked Persons and Financial Crimes Enforcement Network provided by the United States Department of the Treasury.
14. Manage the bank's GLBA Safeguarding Customer Information Program and Information Security / Cybersecurity Risk Assessment.
15. Manage and coordinate the Identity Theft Prevention Program.
16. Member of Vendor and Third Party Management Committee of the bank, that ensures proper implementation of other control functions, including but not limited to, Third Party Risk Management, providers and outsourced activities, and oversee the risk management function to ensure proper mitigation of risks is maintained.
17. Perform all additional tasks as assigned by company management.

POSITION REQUIREMENTS:

1. Preparing, performing and overseeing the implementation and maintenance of Cybersecurity / Information Security policies/procedures and systems.
2. Knowledge of cost-benefit analysis and return of investments.
3. Appropriate and effective analysis of Cybersecurity / Information Security issues and implementation of corrective or improvement measures.
4. Resolves problems, issues and conflicts related to information and data integrity, and security.
5. Makes technical decisions concerning data security processes, policies and systems.
6. Position requires the ability to work flexible schedules and some travel.

JOB KNOWLEDGE, SKILLS & ABILITIES:

1. Knowledge of reputable, reliable and timely sources of information sharing regarding merging information security threats and vulnerabilities. To include Cybersecurity / Information security controls and countermeasures and the methods to analyze their effectiveness and efficiency.
2. Knowledge of legal, regulatory, organizational and other requirements related to Cybersecurity / Information security. To include current and new laws, regulations and internationally recognized standards.
3. Knowledge of data security management, security administration, Security implementation, Security Architecture, PC network, systems infrastructure, Monitoring and auditing procedures.
4. Knowledge of MS DOS, Windows Operating System, AS400, Midas Kapiti Equation, SNA, WAN/LAN networking, Next Generation Palo Alto Firewalls, Internet Security Systems, IDS/IPS, Antivirus Administration, Database and SQL Security Administration and some programming.
5. Knowledge of post-incident review practices and investigative methods to identify root causes and determine corrective actions.
6. Excellent verbal and written communication skills. Bilingual (English/Spanish) preferred.
7. Excellent organizational, analytical and customer service skills.

EDUCATION AND EXPERIENCE:

1. Bachelor's Degree in Information Systems or applicable major field of study or equivalent applicable progressive experience.

PREFERRED:

1. Information Security and Risk and Information Systems Control Certifications preferable or equivalent 8 years of applicable progressive experience.

PERSONAL RESPONSIBILITIES:

1. Abides by the bank's Code of Conduct, operational and general policies and procedures, complying with all applicable laws, rules and regulations, including but not limited to the Bank Secrecy Act, Anti-Money Laundering, Know Your Customer, Suspicious Activities and Office of Foreign Assets.
2. Ability to work as a positive Leader and Team Member and to effectively communicate with others at all levels.
3. Accountable for establishing and implementing a wide variety of strategic business operations plans through building an effective functional management team.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

Banking, Investment Banking, and Financial Services

#J-18808-Ljbffr

---

About Us

RT-Connections, LLC

---

Company Information

RT-Connections, LLC
Houston