Chief Information Security Officer
Company: Conference of State Bank Supervisors
Location: Washington
Posted on: November 8, 2024
Job Description:
CSBS Corporate, Washington, District Of Columbia, United States
of AmericaJob DescriptionPosted Thursday, April 11, 2024 at 4:00
AMThis position is responsible for providing vision, leadership,
oversight, and management of CSBS cyber security policies,
procedures, and practices. He/she directs, coordinates, plans, and
organizes security activities throughout CSBS. Responsible for
managing information security risks that affect the
organization-wide strategic objectives through ongoing risk
assessment. The Chief Information Security Officer (CISO) acts as
the focal point for all communications related to security, both
with internal staff and third parties, and works with a wide
variety of people from different internal organizational units,
bringing them together to manifest controls that reflect workable
compromises as well as proactive responses to current and future
information security risks compliant with relevant laws and
regulations. The CISO also provides thought leadership in
conjunction with his/her engagement in industry and government
forums, and collaboration with state and federal cyber security
experts and practitioners. Guidance, direction, and authority for
information security activities are centralized for the entire CSBS
organization with the CISO.Essential FunctionsTo perform this job
successfully, an individual must be able to perform each essential
duty and responsibility satisfactorily. Reasonable accommodations
may be made to enable an individual with disabilities to perform
the essential functions. Other duties may be assigned to meet
business needs.
- Member of the Senior Leadership Team (SLT) - The SLT is a group
of peers with individual leadership roles at CSBS and a commitment
to working across business units to achieve organizational goals.
SLT members collaborate to ensure priorities and resources are
aligned to successfully implement CSBS strategies. They are
responsible for delivering on those strategies while also
demonstrating our values to reinforce a positive and collaborative
CSBS culture.
- People Manager - At CSBS, people managers lead and engage staff
to maximize organizational performance. Understanding and
implementing the organization's strategies, people managers lead
their teams through change with a focus on CSBS' mission and vision
and a commitment to our VIBE. People managers actively participate
in the growth and development of their teams - delegating
responsibility effectively and providing timely and actionable
feedback on performance. Responsible for planning and organizing
their team's activity, people managers are also responsible for
creating a positive employee experience while developing
high-performing and innovative teams.
- Develop an information security vision and strategy that is
aligned to organizational priorities and enables and facilitates
the organization's business objectives, and ensures senior
stakeholder buy-in and mandate.
- Develop and maintain the CSBS strategic security program and
plan, taking into consideration business, fiduciary, and legal
requirements, risk (likelihood and impact), and criticality; and
building consensus among stakeholders. Monitor the effectiveness of
the information security program and make recommendations for
improvements.
- Develop and enhance an up-to-date information security
management framework based on the National Institution of Standards
and Technology Cyber Security Framework.
- Develop, maintain, and enforce CSBS' cyber security policies
and practices designed to protect sensitive corporate assets,
ensure data privacy, and comply with laws and regulations,
including the Federal Information Security Management Act (FISMA),
Payment Card Industry (PCI) and the Criminal Justice Information
System (CJIS) and other applicable -security laws.
- Maintain familiarity with AICPA System and Organization Control
Reports such as SOC for Cybersecurity. Conduct periodic audits and
assessments to ensure that the company is meeting its obligations
under these regulations.
- Create a framework for roles and responsibilities with regard
to information ownership, classification, accountability, and
protection of information assets.
- Manage contractors and outsourcers providing technology
services to CSBS, including managed security services,
infrastructure engineering, operations, desktop support, and
software development. Ensure compliance with the appropriate
policies, laws, and regulations.
- Create a risk-based process for the assessment and mitigation
of any information security risk at CSBS consisting of supply chain
partners, vendors, consumers, and any other third parties.
- Work effectively with business units to facilitate information
security risk assessment and risk management processes and empower
them to own and accept the level of risk they deem appropriate for
their specific risk appetite.
- Develop, maintain, and enforce CSBS security policies and
procedures, for example:
- Identification of sensitive data and policies/practices
regarding the identification of sensitive data as well as practices
for information labeling, handling, and storage.
- Personnel security, including role-appropriate pre-employment
background checks and security awareness training, ensuring
necessary and appropriate content and compliance with requirements
for each employee to take the training as well as the frequency of
updated training.
- Network, infrastructure, and application security.
- Ensure technology solutions adhere to appropriate security
practices and meet security requirements, including
Software-as-a-Service (SaaS) contracts, Infrastructure-as-a-Service
(IaaS) contracts, Platform-as-a-Service (PaaS) contracts, and
customized software development solutions.
- Provide guidance and make recommendations to CSBS management
and the Board of Directors with regard to the security
characteristics (i.e., advantages and disadvantages) of various
technologies and business practices.
- Ensure contracts with third parties contain appropriate
security language, including data privacy and protection language
required by state and federal laws. Develop, maintain, and manage a
third-party security assessment program for key vendor
relationships and third-party providers.
- Manage the CSBS incident response plan. Perform incident
response planning, including developing, maintaining, and enforcing
the CSBS incident response plan in addition to managing security
incidents if/when they occur. This would include coordinating
incidents, if applicable, with associated third-party providers
and, if applicable, multiple regulatory organizations and
stakeholders.
- Coordinate, provide leadership and management for security
related audits and inspections. Interface as the primary contact
with state and federal regulators and third-party contractors with
regard to CSBS' security posture and practices.
- Collaborate and liaise with the Chief Privacy Officer to ensure
that data privacy requirements are included where applicable.
- Facilitate a metrics and reporting framework to measure the
efficiency and effectiveness of the program, facilitate appropriate
resource allocation, increase the maturity of the information
security, and review it with stakeholders at the executive and
board levels.
- Brief leadership and the Board of Directors annually, and as
needed, on the security risk posture of the organization.
- Manage the information security budget, ensuring that resources
are allocated appropriately to address the most critical risks.
This includes identifying and prioritizing security initiatives and
working with other leaders in the company to secure funding for
these initiatives.Additional Responsibilities
- Provide thought leadership to industry and government forums
related to cyber security practices, issues, and challenges in the
financial services industry, such as the Executive Leadership of
Cybersecurity. Collaborate with industry and government security
officials on security-related issues and initiatives, including
national security issues impacting the financial services
sector.
- Monitor industry trends for changes in physical and cyber
security threats and implement planning, policy, and procedure
changes in response.
- Contribute to industry and government forums that develop
industry guidance and regulations regarding security
practices.
- Prepare and present security related briefings for senior CSBS
and industry executives as well as state and government
regulators.Minimum QualificationsTo perform this job successfully,
an individual should possess the knowledge, skills, and abilities
listed and meet the amount of education, training and/or work
experience required.Education and Experience
- Master's degree in technology related discipline or a
bachelor's degree with master's equivalent work experience in
information security, privacy, or compliance.
- Industry Security Certification such as a valid and current
CISSP, CISA or CISM certification is desired. Additional
certification in CAP (FISMA), PCI QSA, ITIL, CSA CCSK (Cloud) or
ISO 27001 is desired, but is optional.
- Minimum of 10 years of experience in security is required.
Experience in the role of a Chief Information Security Officer
(CISO)/Chief Security Officer (CSO) of an organization with a
significant "footprint" in the financial services industry
preferred.
- At least 8 years of experience in managing information security
programs in accordance with the Federal Information Security
Management Act (44 U.S.C. 3544), guidance and standards from the
National Institute of Standards and Technology (NIST) and the
Federal Information Processing Standards (FIPS).
- Minimum eight (8) years of management experience.Knowledge,
Skills, and Abilities
- Knowledge of, and experience with, current physical and logical
security issues and best practices in datacenter infrastructure,
networks, end-user computing and applications.
- Knowledge of the cloud computing industry, including
Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and
Infrastructure-as-a-Service (IaaS), including the security and
privacy issues associated with using cloud infrastructure.
- Ability to work calmly during stressful circumstances.
- Strong interpersonal skills and communication skills. Ability
to communicate at the executive level, including CXO level
personnel as well as the CSBS Board of Directors and the SRR Board
of Managers.
- Strong planning and task management skills.
- Strong vendor management skills. Ability to manage and assure
successful delivery from outsourced third-party security and
infrastructure providers.
- Ability to work in collaboration with a variety of stakeholders
to identify and discuss issues.
- Ability to work in fast-paced environment managing multiple
projects driven by multiple deadlines.Requirements
- Must be eligible to obtain or currently possess a U.S.
Government clearance at the Public Trust (NACI) moderate level or
higher.
- Must be an authorized United States citizen.
- Due to the nature of CSBS's business in support of state
financial services supervision, all CSBS employees have the
potential of interacting with confidential information related to
the supervision of financial services companies ("Confidential
Supervisory Information"). As a result, in addition to general
business conflicts of interest, all CSBS employees are expected to
disclose conflicts of interest in financial services companies on
at least an annual basis and to proactively avoid such
conflicts.
- Protect the confidentiality, integrity, and availability of
CSBS information and information systems in accordance with CSBS
policies and procedures.Values Instilled Behaviors for
ExcellenceMember/ Customer Service
- Builds and values relationships.
- Prioritizes work.
- Advocates and advances member's goals.Teamwork
- Gives credit to others.
- Has a "pitch in" attitude.
- Learns from successes and setbacks.Respect/Trust
- Listens and learns from others.
- Speaks the truth even when uncomfortable.
- Honors the expertise of others.
- Recognizes the contributions of others.
- Consults and communicates effectively.
- Desires to make others successful.Ownership/Engagement
- Perseveres through adversity.
- Experiments and takes risks.
- Plans ahead and is forward-thinking.Core Leadership
CompetenciesAchievement Oriented Thinking
- Focuses on prioritization - what must your team really
accomplish and by when.
- Achieves goals of strategic plan.Change Management
- Leads and enables change by demonstrating engagement,
enthusiasm, advocacy and support for the change which includes
being a first adopter.
- Participates throughout the lifecycle of the change.
- Builds a sponsor coalition to drive change success.
- Communicates directly with employees and facilitates open
discussions about the change.
- Understands and manages resistance to ensure adoption.
- Manages own emotions productively to stay in role.
- Handles emotionally charged situations productively and with
empathy.
- Asks for and openly accepts feedback; looks for opportunities
to grow.
- Conducts conversations courageously - hitting difficult issues
head-on with an eye on maintaining relationships.
#J-18808-Ljbffr
Keywords: Conference of State Bank Supervisors, Baltimore , Chief Information Security Officer, Executive , Washington, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...