
Information Security Risk Officer

First Mid Bank & Trust
paid time off, tuition reimbursement, 401(k)
United States, Illinois, Mattoon
1421 Charleston Avenue
Jan 08, 2025




Position: Information Security Risk Officer

Location: Any First Mid Location

Job Id: 3921

# of Openings: 1


At First Mid, base salary is one component of our Total Rewards program. Exact compensation is determined by factors such as (but not limited to) education, skills, internal equity, and experience. This position offers additional compensation in the form of short-term incentives (i.e., bonus, incentives, and/or commission). Benefits for this role include comprehensive healthcare, well-being benefits, paid family leave as well as generous paid time off. Total Rewards also include banking perks, tuition reimbursement, an Employee Stock Purchase Plan, and a 401K plan with company match. Incentives and benefits are subject to eligibility requirements.

Reports to the Director of Enterprise Risk Management for enterprise-wide second line of defense information technology and information security risk management validation and monitoring. Partners and collaborates with the Information Security and Information Technology team members to provide effective challenge of information technology and information security processes and with other members of the enterprise risk management team for risk identification and alignment.

Responsibilities include, but are not limited to:


  • Develop, implement, and maintain an Information Security Risk Validation Program to provide guidelines and expectations of second line testing.
  • Develop schedules and materials for monitoring to ensure appropriate oversight and effective communication and reporting to stakeholders.
  • Monitor remediation of IT-related audit and regulatory findings and results of ongoing penetration tests.
  • Assess potential security risks associated with any changes to the organization's IT infrastructure, applications, or business processes.
  • Manage and monitor training and testing of information security knowledge enterprise-wide.
  • Oversee second line of defense IT and Information Security monitoring including, but not limited to:

    • Adherence to IT and Information Security policies and procedures
    • IT and Information Security Controls
    • Anti-virus review
    • Testing and Validation of Information Security Controls
    • IT Hardware and Software asset risk reviews
    • Privileged access reviews (domain admin and O365)
    • User access provisioning and deprovisioning processes


  • Develop and implement appropriate escalation processes when issues are identified during validation procedures and manage an issue tracking log to ensure issues are remediated in a timely manner.
  • Develop, monitor, and manage KRI metrics and risk trends for reporting to management and appropriate committees.
  • Assist with the periodic updates of the IT / Info Sec risk assessments and completion / updates to applicable frameworks.
  • Monitor compliance with Gramm-Leach-Bliley Act (GLBA), FFIEC, NIST and other regulatory requirements as they relate to information security. This includes control verification and reporting.
  • Conduct annual cybersecurity tabletop exercise.
  • Collaborate with the Incident Response Team by coordinating schedules, obtaining status updates, and ensuring execution of action items and post-incident reports.
  • Attend applicable IT-related management committees to stay abreast of events in the IT area, including CAB, Change Management, Compliance, Data Governance, Information Security, etc. Also attend and report testing results to applicable management committees and to the Board of Directors.
  • Respond to requests and inquiries from auditors and regulators during reviews in respective area.
  • Regularly attend training to stay abreast of current information technology and information security issues in the financial services industry.
  • Complete annual training associated with job functions.
  • Perform other duties as assigned.



Qualifications

Education/Experience:


  • Bachelor's degree in business, finance or information systems preferred or commensurate banking experience.
  • 8+ years financial services/banking experience required, with work-related experience consisting of in-depth background working with information technology and/or risk management.
  • Industry Standard Information Security Certifications (CISSP, CISA, CASP+, CySA+)


Skills:


  • A high level of interpersonal skills to communicate policies, procedures, objectives, and identified issues effectively to a diverse range of individuals.
  • A high level of analytical and detail skills.
  • Strong technical skills.
  • Familiarity with banking applications.
  • Experience with network operating systems and PC based operating systems.
  • Proficient in Microsoft Office and the ability to learn advanced software systems.



First Mid Bancshares, Inc. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, gender identity, sexual orientation, protected veteran status, or any other applicable federal or state-protected classification.

THIS JOB DESCRIPTION DOES NOT CONSTITUTE A CONTRACT FOR EMPLOYMENT


