Thursday, June 02, 2011

CoBiz Financial - Technology Risk Manager

Information Security & Technology Risk Manager

CoBiz Financial (www.cobizfinancial.com) is a multi-billion dollar financial services company that serves the complete financial needs of businesses, business owners and professionals in Colorado and Arizona. The company provides commercial banking services through Colorado Business Bank and Arizona Business Bank; wealth planning and investment management through CoBiz Wealth Management, and trust services through CoBiz Trust; property and casualty insurance brokerage and employee benefits through CoBiz Insurance; investment banking services through Green Manning & Bunch; and executive benefits consulting and wealth transfer services through Financial Designs Ltd.

CoBiz Financial is currently seeking an Information Security & Technology Risk Manager for our IT Department. We offer a friendly, professional work environment, an excellent starting salary and an outstanding benefit package, including health, dental, vision, 401(k), tuition assistance, computer purchase and stock purchase plan. A free EcoPass is offered to all Denver employees.

General Purpose:

Responsible for planning, design, and implementation of security policy, procedures, standards and the supporting technical systems to establish the security of the company’s Information Technology systems and data. Advises corporate management by providing functional expertise concerning all aspects of security, integrity and privacy of corporate systems and data resources. Also holds responsibility for the development, administration and enforcement of all IT Compliance, Business Continuity and Risk Management programs within the company. Participates in risk management initiatives and the establishment of annual risk management goals. Identifies, reports and monitors all forms of technology risk.

Essential Functions:

• Establishes and leads an Information Security team comprised of key individuals from the IT organization and business groups, designed to identify key security strategies that meet the needs of the business, comply with regulatory and best practices and that leverage available technology.

• Oversees the implementation and documentation of information security policies and procedures.

• Provides direct information security training to all employees, contractors, alliances, and other third parties.

• Initiates, facilitates and promotes activities to foster information security awareness within the organization.

• Monitors compliance with the organization's information security policies and procedures among all employees, contractors, alliances, and other third parties, and refers problems requiring remediation to appropriate department managers or administrators.

• Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.

• Performs information security risk assessments and serves as the internal auditor for information security processes.

• Ensures preparation and maintenance of the organization's disaster recovery and business continuity.

• Acts as an internal consultant to all areas of the organization, providing expertise and advice on the security components of information systems and emerging information technologies.

• Monitors changes in legislation and accreditation standards that affect information security and privacy.

• Manages IT Compliance Programs to include GLBA, HIPAA and PCI.

• Reviews, documents and evaluates system and application level internal controls in a wide range of computer environments and software packages.

• Performs risk exposure monitoring and reports on all systems and applications.

• Manages the process of granting rights to all users and groups on corporate systems. Ensures that monitoring systems are in place to detect security violations.

• Primary responder to internal and external threats to systems security.

• Regularly monitors system and application logs for security events.

• Works with network analysis and intrusion detection tools to proactively maintain the network security posture.

• Performs quarterly enterprise security scans to audit security posture of enterprise network infrastructure.

• Exercises awareness in regard to possible suspicious activity, money laundering or fraudulent behavior and reports any such incidents to the BSA Department and/or Internal Audit Director as appropriate.

• Performs job functions in compliance with all company policies and federal/state rules and regulations as applicable to the position.

Other Functions:

• Assists with research and recommendations of new or upgraded network security-related applications and reports.

• Creates and maintains Standard Operating Procedures (SOP).

• Aids in end user training.

• Assists in the completion of special projects.

• Other duties as assigned.

Supervisory Duties:

Direct Reports: 3 Indirect Reports: 0

Job Qualifications:

Knowledge, Skill and Ability:

• Understanding of HIPAA and PCI compliance.

• Basic working knowledge of network topologies and protocols.

• Basic working knowledge of Cisco PIX Firewall, Secure Computing SideWinder Firewall and other network security systems.

• Basic working knowledge of Windows (NT 4.0/2000/2003) and AS400 server configurations.

• Basic working knowledge of PC operating systems and desktop applications (MS Office 2000/2003).

• Ability to effectively communicate verbally and in writing with personnel at all levels within the organization, as well as outside vendors/contacts.

• Ability to prioritize work and handle multiple tasks, both long and short term, simultaneously in a fast-paced, diverse and growth-oriented environment.

• Ability to identify deficient processes/procedures and to develop and implement secure solutions.

• Proven self-starter.

• Strong communication, presentation, client servicing and writing skills.

• Ability to maintain a high level of confidentiality.

• Ability to work under tight deadlines.

• Ability to work flexible hours.

Education or Formal Training:

• Bachelor's degree in Computer Science, Engineering or related field.

Experience:

• Minimum eight years working in the technology risk and security sector with at least four years in the financial services industry.

• Experience with GLBA and FFIEC compliance and remediation.

• Experience with information security management and remediation.

• Experience with business continuity principles and practice.

Working Environment / Physical Requirements/Activities:

General office environment; therefore, must have the ability to operate Bank office machines/equipment with hands and the ability to use and type on computer keyboard. Must also have the physical ability to use the telephone. Must understand questions/concerns raised by parties involved, in person and over the telephone. Must be able to read job-related documents. Must have the physical ability to stoop, bend and lift, push, pull or carry up to forty pounds. Must have the ability to transport self to outlying locations, including limited overnight travel.