IT Security Program Officer
Needham Bank
Needham, MA
- Full-Time
Job Description
Responsible for oversight of the Bank's IT security program as well as day-to-day maintenance of IT security functions, including risk assessments, security reports, the vulnerability management program, user permissions management, and business continuity planning and maintenance.
ESSENTIAL DUTIES & RESPONSIBILITIES
- Serve as IT liaison for federal examiners, external and internal auditors
- Responsible for ongoing development of IT Risk Assessments, Continuity Planning and documentation
- Align IT security goals with FFIEC standards and the NIST Cybersecurity Framework
- Annually review and administer FFIEC Cyber Security Self Assessment Test (CAT) and Ransomware Self Assessment Test (R-SAT)
- Develop and administer an ongoing program for data leakage prevention & protection (DLP)
- Review key systems daily for IT security exceptions: vulnerability scanning, antivirus, data backup, replication. Report exceptions to management
- Oversee the bank's incident response program
- Responsible for the vulnerability management program, including asset and vulnerability discovery, risk prioritization, patch management reporting, remediation and exception tracking. Provide a monthly report to IT management
- Responsible for monthly security assessment of network perimeter systems and the testing of externally facing assets
- Responsible for software asset management including the tracking of the purchase, utilization, version upgrade, and disposal of software applications
- Responsible for user permission management and permission reviews with lines of business
- Responsible for reviews of application access and privileges with lines of business
- Responsible for assembling the business continuity and disaster recovery documentation. Maintain and distribute the written BCP/DR plan to lines of business
- Schedule and report on business continuity testing as determined by the BCP testing matrix
- Support data and documentation collection for IT risk assessments and assist with the assessments
- Administer and monitor social engineering testing; provide monthly reports to the supervisor.
- Coordinate cybersecurity education to end users.
- Perform additional duties as requested, needed or assigned.