Job Purpose:

This position is responsible for establishing and coordinating information security efforts, privacy efforts, and business resumption planning across the company, including managing security, compliance and compliance monitoring. Additionally, this position is a key partner for the Information Technology department in ensuring that activities are completed in a coordinated fashion and in a timely manner. Responsible for the leadership and management of the Information Security Team.

Job Duties:

• Develops and maintains the company's information security program, ensuring compliance with all relevant regulations and best practices.
• Maintains, coordinates, and supports the company's enterprise-wide business resumption plan and testing thereof.
• Maintains, coordinates, and supports the company's privacy efforts, including compliance with various laws and regulations, including but not limited to the Gramm-Leach-Bliley Act of 1999 (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and relevant FFIEC guidance.
• Proactively monitors, evaluates, and implements best practices related to enterprise information security practices. Provides internal guidance with respect to company response to emerging information security threats both internally and externally.
• Ensures the completion of daily reviews of various logs and reports relating to information security and ensures appropriate follow-up action is taken.
• Implements risk management policies and standards relevant to the aforementioned items.
• Evaluate effectiveness of information security, privacy and business continuity planning programs and procedures of third parties with whom the company engages as software, hardware and/or service providers.
• Performs risk assessments in information security, privacy, and business continuity/business resumption planning in accordance with schedules as prescribed by regulators and/or industry best practices.
• Oversees user access/provisioning for various systems used by the company.
• Leads Information Security Team. Duties include recruiting, hiring, training, performance monitoring and overall management and leadership of employees.
• Responsible for the preparation and delivery of performance feedback that includes quarterly and annual reviews, developmental action plans, and disciplinary action, as applicable.
• Responsible for creating agendas and conducting regular staff meetings/training sessions/coaching sessions to provide positive feedback with actionable items to ensure individual and group success as well meet department timelines of responsibilities. Lead associates in the Peoples way and culture.
• Leads a cross-matrix team of business, IT, and security professionals to enhance the organization's security posture and develop solutions to maintain compliance with regulatory requirements.
• Works with Information Technology department to protect information assets through the use of appropriate tools.
• Responds to relevant audit and examination requests.
• Will complete special projects as assigned by manager.

Education, Experience and Job Skills:

• Bachelor's degree in Computer Science, Management Information Systems or a related field.
• CISSP, RISC, CISM, or similar level information security management certification.
• Minimum of 3 years of professional experience designing and maintaining information security policies and procedures
• Minimum of 3 years leading IT security projects and teams to develop security and compliance solutions
• Demonstrated experience with various information security frameworks and guidance, including SOX, HIPAA, GLBA, and PCI
• Demonstrated understanding of technical security controls, including secure network architecture, systems security, encryption systems, and database security.
• Effective organizational skills.
• Ability to research regulatory guidance, and independently and proactively research and interpret such guidance and other relevant industry standards. Ability to develop, document and implement appropriate policies and procedures based upon such research and interpretation.
• Effective oral and written communication skills. The ability to work with a broad range of internal and external business partners in a collaborative environment is essential.

Basic Qualifications:

• Bachelor's degree in Computer Science, Management Information Systems or a related field.
• CISSP, RISC, CISM, or similar level information security management certification OR documented progress on work towards completion of such certification is required.
• Minimum of 3 years of professional experience designing and maintaining information security policies and procedures.
• Minimum of 3 years leading IT security projects and teams to develop security and compliance solutions.