
Information Security Risk Manager

PeoplesBank
85000.00 To 105000.00 (USD) Annually
United States, Massachusetts, Holyoke
Mar 28, 2025

Welcome to PeoplesBank! We are the largest mutually chartered bank in Western Massachusetts and Northern Connecticut, and we are proud to lead the way in green values, sustainable energy financing, and charitable giving. Our commitment to operating in the best interest of our customers is matched by our dedication to fostering an inclusive and engaging work environment. We offer excellent compensation, workplace flexibility, and a competitive benefits package to our associates. Our award-winning culture has earned us recognition as the Best Place to Work and Best Local Bank. Join our team of dedicated and innovative individuals and be a part of our dynamic, successful organization. Let's make a difference together! This role is on-site at our corporate headquarters in Holyoke, MA.

Summary:

Are you passionate about safeguarding information and ensuring operational resilience? We're looking for a dynamic Information Security Risk Manager to lead our efforts in developing and maintaining a robust Information Security Risk Monitoring and Management Program.

In this pivotal role, you'll collaborate with IT and Operational Risk teams to identify and respond to incidents that impact our Information Security Risk Profile. You'll also ensure our compliance with GLBA standards and oversee critical programs like Business Continuity, Fraud Prevention, and Identity Theft Red Flags. If you're ready to protect our bank and customer assets with integrity and expertise, we want you to be a part of our mission to maintain operational resiliency and security!

Essential Duties and Responsibilities:

Program Governance:

  • Develop, implement, and manage the Bank's Information Security, Business Continuity, Incident Response, and Fraud Risk Management Policies and Procedures. Ensure these policies and procedures comply with regulatory guidance, industry best practices, laws, and general regulatory expectations.
  • Provide expert consultation to other business units regarding Information Security Risks. Identify and recommend appropriate control implementations.
  • Aggregate the Bank's information security metrics and reporting. Analyze trends, threats, control effectiveness, and significant security events. Report findings to various committees and the Board of Directors, ensuring alignment with regulatory guidance.
  • Integrate results of applications/technology and vendor risk assessments into Information Security Risk Assessment and reporting as appropriate.
  • Assist with the development and monitoring of key risk and performance indicators across the programs.

Information Security / Cybersecurity:

  • Coordinate and review independent security assessments, including periodic external penetration testing and frequent internal monitoring. Collaborate with Internal Audit to identify weaknesses and develop effective corrective action plans.
  • Work closely with Management, Business Lines, and Operational Risk to understand the impact of new initiatives on our Information Security Risk environment and protect the flow of customer information/data.
  • Oversee the annual IT/IS/cybersecurity Risk Assessment process, ensuring timely completion across the Bank's applications, technologies, and processes.
  • Incorporate results of internal controls testing into the Bank's IT/IS Risk Assessment process, suggest improvements, and recommend additional testing as needed.
  • Provide expert guidance to applications, technology, and process owners to develop remediation plans that address deficiencies and enhance our IT/IS/cybersecurity risk profile.
  • Coordinate Information Security Awareness Training Programs, review their effectiveness, and implement new testing and training tactics to keep our associates informed and prepared.

Fraud Risk Program:

  • Identify and mitigate fraudulent activities by developing innovative strategies and collaborating with cross-functional teams to ensure compliance with relevant regulations.
  • Develop key performance and key risk indicators (KPIs and KRIs) to measure the effectiveness of fraud prevention efforts, and continuously review and recommend changes to fraud prevention procedures and documentation.
  • Recommend and advise on fraud mitigating controls across various business units and access devices to enhance our security posture.
  • Assist with the development and maintenance of comprehensive reporting to Senior Management on fraud activity, mitigating strategies, and industry developments. Maintain fraud-related risk assessments (ID Theft/Red Flags) and ensure compliance with the FTC Red Flags Rule by maintaining a strong and effective Identity Theft Prevention Program.

Regulatory / Legal Compliance:

  • Coordinate activities under the bank's GLBA program, including training, testing, monitoring, reporting, and completing risk assessments for third-party applications and systems.
  • Work closely with Bank staff, third parties, consultants, examiners, and auditors to ensure compliance with applicable laws and regulations.
  • Lead remediation efforts associated with Information Security-related regulatory findings and recommendations, staying current with required legal, regulatory, and bank training.
  • Assist with audits and examinations to ensure our bank's operations align with regulatory expectations.

Incident Response / Business Continuity Program Support:

  • Participate actively in the bank's Incident Response Program activities, ensuring swift and effective responses to security incidents.
  • Continuously evaluate and update the Business Impact Analysis, policies, and procedures associated with Incident Response and Business Continuity to keep them current and effective.
  • Analyze security incidents and potential incidents to determine root causes and suggest appropriate mitigation steps to process owners.
  • Lead business continuity and recovery testing efforts, including tabletop exercises, to ensure our readiness for any disruptions.
  • Work closely with IT to remedy potential system and application vulnerabilities and issues, enhancing our overall security posture.

Maintain all required certifications and designations associated with Information Security standards, ensuring you stay at the forefront of industry knowledge.

Oversee and direct the Information Security Risk Associate, responsible for managing Information Security monitoring and control validations for Bank technologies. Additionally, manage the Fraud Risk Analyst, who identifies fraud trends and advises on mitigating controls to reduce the impact of fraud across the institution.

Complete all yearly compliance training and testing, adhering to bank, federal, and state regulations. Ensure compliance with Bank Policies and Procedures and uphold departmental and bank-wide service standards.

Other Duties as Assigned.

Education and Experience:

  • Minimum 5 years of experience working in an information security, fraud prevention, or related role.
  • Experience working in a highly regulated industry (banking, financial, investment, defense) maintaining a large volume of non-public personal information preferred.
  • Bachelor's Degree in Technology Management, Cybersecurity, or a related field preferred.
  • Must have the ability to effectively communicate across all levels of associates, who have varying degrees of technical knowledge or expertise.
  • Knowledge of banking regulation (Reg P/GLBA), Reg E, and the UCC preferred.

Computer/Technical Skills / Certifications:

  • Must hold, or be in the process of obtaining, ONE of the following certifications: CompTIA Security+, CompTIA CySA+, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager).
  • Advanced knowledge of systems and technology platforms and architectures; Understanding of SIEM tools, DLP tools, and IDS tools.

Skills Required:

Fast-paced working environment; flexible, with the ability to quickly address issues or concerns; attention to detail while still understanding the big-picture strategic objectives of the organization.

Work Environment and Physical Demands:

The working conditions and physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the associate is regularly required to sit, use hands to sort, write and keyboard, and to listen and speak. The associate is frequently required to reach, walk, stoop, crouch. The associate is occasionally required to stand, lift, bend, drive and travel.
