Information Security Officer

Summary: The Information Security Officer will play a critical leadership role in our organization, reporting directly to the Senior Vice President (SVP) and Chief Information Security Officer (CISO). This individual will be instrumental in building and managing key security programs, including threat and vulnerability management, cyber incident response, data security, data protection, security engineering, and cyber risk management and governance. As the right hand to the SVP, the Information Security Officer will have a significant impact on our overall security posture and will be a key contributor to our mission of safeguarding our information assets.

Job Responsibilities:

Leadership and Collaboration

• As a trusted advisor and right hand to the SVP and CISO, provide strategic direction and support in information security, offering technical leadership and mentorship to the security team.
• Collaborate with IT, DevOps, and application teams to integrate security practices, act as a subject matter expert for threat detection and vulnerability management.
• Represent the organization in cybersecurity audits, assessments, and compliance activities.

Reporting

• Work closely with other members of the Enterprise Technology Risk Management Team to develop metrics (KRI/KPI) reporting as it relates to Technology Risk Management adherence throughout the bank.

Compliance and Continuous Improvement

• Ensure compliance with relevant legal, regulatory, and industry standards related to information security.
• Foster a culture of continuous improvement by staying up-to-date with the latest security trends, technologies, and best practices.

Threat and Vulnerability Management

• Develop and manage a comprehensive threat and vulnerability management program that identifies, assesses, and mitigates risks to our information systems.

Security Engineering and Design

• Lead the security engineering and design efforts to integrate security into the development lifecycle of our systems and applications

Data Security and Protection

• Establish and enforce robust data security and protection policies and procedures to safeguard sensitive information.

Cyber Security Risk Management and Governance

• Implement a comprehensive cyber risk management framework that includes risk assessment, risk mitigation, and governance policies.

Other Responsibilities

• Performs other job-related duties as assigned.

Job Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience) required.
• A Master’s degree or a relevant advanced certifications (e.g., CISSP, CISM, OSCP, CEH, GIAC) are highly desirable.
• Minimum of 10 years of experience in information security, with a proven track record of leadership and management in security roles.
• Excellent leadership and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and senior executives.
• Ability to think strategically and develop long-term plans for the organization's security posture.
• Strong verbal and written communication skills, with the ability to present complex security information clearly and concisely.
• Proven ability to analyze complex security issues and develop effective solutions.
• Ability to adapt to changing security landscapes and emerging threats.
• High ethical standards and a commitment to protecting the organization's information assets.
• Deep understanding and experience with implementing or maintaining ISO 27001 cyber security framework.
• Strong technical knowledge of security technologies, tools, and practices. Experience in threat and vulnerability management, incident response, data security, and security engineering.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, ISO27001 CSF, and OWASP.
• Knowledge of Cyber security risk assessment frameworks.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and leadership abilities.

Columbia Bank and its affiliates is an Equal Opportunity Employer

Affirmative Action Employer/Males/Females/Protected Veterans/Individuals with Disabilities