Information Security Officer - banking or FinTech environment with BAAS - Hybrid

Key Responsibilities and Accountabilities The Information Security Officer’s Key Accountabilities include, but are not limited to the following: Maintain, update, and implement policies, programs, risk assessments and procedures (including, but not limited to the Cybersecurity Assessment Tool, Information Security Policy and Program, Third-Party Risk Management Program, and the Cybersecurity Monitoring Policy) to assure that information security risks are identified, monitored, measured, and reported. Identify security deficiencies and apply appropriate corrective action, and report on results. Report to the ITSC on information security issues including the risk assessment; risk management and control decisions; service provider arrangements; results of testing; security breaches or violations, and management’s responses; and recommendations for changes in the information security program. Advise management when changes to the system components, environment, or location are planned. Analyze tests implemented by independent third-parties of physical, technical and administrative security measures (including penetration tests, vulnerability analysis and network traffic analysis). Monitor testing of business continuity plans to validate availability of critical processes and incorporate that information into the risk assessment. Oversight of each third-party’s IT and cybersecurity stature. Verify that users’ access requests are properly approved and adjusted for changes in employment status including new hires, transfers and terminations. Implement and monitor users’ information security training on the information security risks and controls based upon their roles. Monitor and respond to events discovered by Security Information and event Management (SIEM), Intrusion Detection Services (IDS), and Anti-Virus application. Assist Director of Information Technology in the development and continual enhancement of the Bank’s Information Security program used to maintain security of the Bank Information Systems. Develop and maintain the documentation for Information Security Policies, Procedures, and Standards. Stay current with information security & Fraud trends and provide threat intelligence in the areas of intrusion techniques, social engineering, technology and security solutions by researching security resources. Advise Chief Information officer and SVP, Retail, BAAS & Channel Tech on applicable trends and recommended solutions. Serve as subject matter expert (SME) on integration of information security technologies and controls within a common security reporting system. Review vendor patch deployment for operating systems, applications and other software and hardware on a monthly basis. Respond to and work with internal and external auditors and regulators to maintain the information security program. Assist in the development of an information technology risk management process that supports the Bank’s enterprise-wide risk management framework for new and existing products and services. Manage and perform annual Incident Response Program and ensure the program is in compliance with industry best practices and regulatory guidance. Participate on the monthly conference calls with FS-ISAC/ Community Institution Council (CIC). Monitor FS-ISAC and US-CERT Alerts to provide recommendations on the ones that are applicable to Axiom Bank, and Other duties as assigned. Supervision of Personnel None Working Conditions This position is performed in a regular office work environment. Will require bending and reaching, and will spend considerable time in front of a computer screen and analyzing information; may require lifting up to 50 lbs. The incumbent will be expected to be able to work Monday through Friday and work will mainly be performed at the Maitland location; occasional evening and weekend work will be required. Flexibility with work location and hours may be granted if circumstances permit. Qualifications Summary Education Bachelor’s Degree in business information systems/computer science or equivalent. Certification from a nationally recognized (i.e. Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP)), information security organization is required. Experience 7-10 years’ experience with Information Security, preferably in banking related industry. Experience with bank core systems preferred. Knowledge & Skills: Technical system controls including access rules, authentication, encryption and configurations. Physical controls including locks, fences and combinations. Knowledge in applicable banking compliance regulations (i.e. FFIEC Cybersecurity assessment, Patch Management, etc.) Knowledge in administrative controls including segregation of duties. Knowledge of network related protocols (e.g., TCP/IP, UDP, IPSEC, routing protocols) Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits. Understanding of SAS70/SSAE18/PCI reports, UCC documentation and control measures. Hands-on technical knowledge of Microsoft Windows Server and Desktop operating system and application software. Demonstrated ability to gather, review, and analyze forensic evidence during investigations preferred. Strong Interpersonal skills in an internal customer service focused function a must Ability to perform network vulnerability scans using network penetration and assessment tools. Ability to run security reports for common banking applications and core banking systems Ability to confidentially manage security incidents and act independently in the conduct of investigations under the direction of the Chief Compliance Officer and the Director of Information Technology. Must be able to meet deadlines and resolve problems in a timely manner. Must be willing to learn and cross-train employees Must remain well versed in security industry trends and security threats Must be self-motivated and capable of acting independently Other Duties - Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Location: Palma Ceia, FL, US

Posted Date: 2/5/2025