Information Security Officer

PRIMARY PURPOSE OF JOB

The Information Security Officer is responsible for the ongoing management of information security policies and procedures ensuring compliance with established standards to maintain the confidentiality, integrity, and availability of all organization information systems. Demonstrates expertise in a variety of the field's concepts, practices, and procedures. Performs a variety of tasks. Leads and directs the work of others.

EXPECTATIONS OF ALL SOUTHERN BANK TEAM MEMBERS

• Southern Bank team members are a family, rooted in the communities we serve and working together to be the best in our industry, utilizing innovative ideas and strong products. The Southern Bank Patch illustrates these ideals.
• Ensures the confidentiality of customer non-public personal information and secures information systems to comply with bank regulations.

ESSENTIAL FUNCTIONS AND PERFORMANCE AREAS

• Leads the IS department’s operational and strategic planning;
• Responsible for implementing, managing, and enforcing information security directives as mandated by GLBA, SOX, and FFIEC guidelines;
• Develops and maintains the bank’s Information Security Program;
• Develops and maintains the bank’s Cybersecurity Program;
• Develops and maintains the bank’s business continuity plan and conducts plan testing;
• Monitors internal control systems to ensure that appropriate information access levels are maintained;
• Performs information security risk analysis and reviews information system activity for information security processes;
• Develops and implements all IS policies and procedures related to information access and control;
• Ensures that the bank is using modern information security measures and that these measures are appropriately implemented, administered, monitored, and changed in response to cybersecurity conditions;
• Monitors compliance within the bank’s security policies and procedures among employees and other third parties;    
• Perform or manage ongoing information security and IT asset risk assessments and audits to ensure that information systems are adequately protected and meet guidelines;
• Investigates and reports all information security violations;
• Lead information security awareness and training initiatives to educate team members about information security risks;
• Lead an incident response team to contain, investigate, and prevent future (system) security breaches;
• Negotiates and administers IS vendor, outsourcer, and consultant contracts;
• Manages IS staffing, including recruitment, supervision, scheduling, time sheet approval, development, evaluation, and disciplinary actions;
• Manages financial aspects of the IS department, including purchasing, budgeting, and budget review;
• Works directly with internal and external auditors, examiners, and executive management concerning exams, audits, or inquiries concerning Information Security;
• Maintains a current understanding of the IT threat landscape for the industry;
• Attends Board, Manager, and Committee meetings as required;
• Performs required reporting to the Board, Manager’s and Committee’s as required; and,
• All other duties as assigned.

The following specifications are general guidelines based on the minimum education and experience normally considered essential to the satisfactory performance of this position.  The requirements listed below are representative of the knowledge, skill and/or ability required to perform the position in a satisfactory manner.  Individual abilities may result in some deviation from these guidelines.

KNOWLEDGE, SKILLS, AND ABILITIES

• Proven ability to manage issues through to resolution with attention to detail;
• Strong verbal and written communication skills;
• Ability to work independently and effectively with multi-locations;
• Knowledge of financial services regulations and guidance, such as GLBA, SOX, FFIEC;
• Strong analytical skills; and,
• Ability to prioritize and multi-task in a fast-paced environment.

EDUCATION, TRAINING AND EXPERIENCE REQUIREMENTS

• Bachelor’s Degree or equivalent related experience required;
• Minimum of 3-5 years relevant work in Information Technology operations; and,
• Previous knowledge and experience with SOX, GLBA and FFIEC preferred.

CORE COMPETENCIES

Family & Trust: Southern Bank team members build relationships based on trust and mutual respect, maintain an inclusive and honest environment and uphold integrity and transparency in all interactions.

Rooted & Service: Southern Bank team members are committed to serving customers, communities and teams with purpose, professionalism, and respect, while effectively communicating and actively listening to meet their needs.

Innovation & Strength: Southern Bank team members foster collaboration and continuous improvement, encourage visionary thinking, and strive for excellence to drive the organization forward.

Building Partnerships: Identifying opportunities and taking action to build strategic relationships between one’s area and other areas, teams, departments, units, outside vendors and partners, or organizations to help achieve business goals.

Leadership Disposition- Back Office: Demonstrating the traits, inclinations, and dispositions that characterize successful leaders; exhibiting behavior styles that meet the demands of the leader role.

Aligning Performance for Success: Focusing and guiding others in accomplishing work objectives.