Information Security Officer

Company Name:
HarborOne Bank
Responsible for determining enterprise information security standards and compliance with the requirements of the /Gramm-Leach-Bliley Act/. Responsible for the adequacy of and monitoring of information security within the organization. Analyzes information security systems and applications, recommends security measures to protect information against unauthorized modification or loss. Oversees the institution's Business Continuity and Disaster Recovery Plan and documentation. Coordinates the development of policies, procedures and guidance to establish, implement, maintain and oversee HarborOne's Information Security Program, which includes the requirements of the /Gramm-Leach-Bliley Act/ . Monitors user access controls for all applicable bank systems. Acts as primary vendor liaison responsible for maintaining vendor relationship, contracts, contact information and keeping up-to-date on vendor initiatives, as they pertain to IT security and Disaster recovery. Responsible for the overall strategic development, evaluation, and enhancement, of the Vendor Management Program, its policies, processes, best practices and tools used to direct the vendor lifecycle from selection to contract expiration.
1. Responsible for the continued development, review, maintenance, delivery, and management of a comprehensive Information Security Program, including the requirements of the /Gramm-Leach-Bliley Act/ . Must establish and implement procedures to regularly test IT system resource security controls. Develop, maintain and deliver polices as they relate to Information Security to all employees and the Board of Directors. Ensures that Information Security Program components are fully understood by all employees and adhered to through regularly security awareness training and communications.
2. Reports to the Operational Risk Committee and the Risk Management Committee on the status of the Information Security Program and matters involving potential or actual IT security incidents. Researches and disseminates information on IT security matters and concerns.
3. Manages the Bank's Business Continuity Plan (BCP) program and documentation. Ensures that contingency and disaster recovery plans are developed and maintained for all IT system resources and business processes; reports variances to the Information Technology Security Committee and the Operational Risk Committee. Assists the VP TSG in testing of BCP on regularly scheduled basis. Acts as primary plan administrator and is a member of the incident response team.
4. Coordinates with the VP TSG to ensure application user access controls and security of third party systems are appropriately managed and that BCP planning and IT Risk assessments are performed within the business units.
5. Manages and coordinates risk analyses for IT system resources to ensure that the balance of risks, vulnerabilities, threats and countermeasures achieve a level of risk that is acceptable based upon the criticality of the individual systems.
6. Performs required security reviews for any and all proposed or new technologies that will be introduced to the Bank and completes IT Security Audits on all high-risk technologies annually.
7. Works with the VP TSG to insure that server and computer antivirus and patch management processes conducted by IT department staff are completed timely and accurately and that identified issues are addressed. Assists with firewall technology, network security enhancements and changes. Reviews firewall reports for vulnerabilities and incidents, providing executive reports to Senior Management.
8. Provides guidance and technical assistance to management, including analysis, evaluation and recommendations for approval of IT system resource security plans and requirements for IT system resource security.
9. Acts as the central point of contact for IT security related incidents, violations or potential threats. Investigates any incidents or possible threats and violations. Works with law enforcement officials in IT security related investigations. Responsible for reporting all incidents to the Technology Risk Committee and the FDIC.
10. Coordinates with Security Officer on security matters of mutual interest
11. Manages the Vendor Management Program. Ensures that the Bank is in compliance with all vendor management regulations and guidelines. Provides strategic insight into Vendor Management best practices and industry trends to build Program enhancements by expanding knowledge base. Coordinates with business units to ensure the Vendor Management program is followed. Develops, maintains and delivers polices as they relate to Vendor Management, including the vendor due diligence assessment structure.
12. Attends and is a member of Information Technology Security and Operational Risk Committees to represent and report on the areas of information security, vendor management, business continuity planning, and the business initiative due diligence process.

Performs related and unrelated duties as may be required.
Bachelors degree or its equivalent in technology field with specialized training in information security, business continuity planning and network operating systems as well as exposure to project management, computer operations, TCP/IP, security systems (firewalls, and other hardware or software), technology planning, risk management and network administration. Must have solid grasp of current technologies and security initiatives. Relies on extensive experience and judgment to plan and accomplish goals. Strong project and time management, problem solving and communication skills required. Security and BCP certifications recommended. Attendance in office during normal business hours (at minimum) may be required in order to effectively coordinate with multiple departments, projects and outside entities.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.