Job Type: Full-time
Location: Parsippany, NJ
Summary:
The Chief Information Security Officer (CISO) is responsible for developing and overseeing the Blue Foundry Bank’s enterprise-wide information security strategy, ensuring the confidentiality, integrity, and availability of customer and organizational data, systems, and critical financial assets. The CISO leads efforts to protect the bank from cybersecurity threats, data breaches, and regulatory risks while ensuring compliance with industry standards and banking regulations.
As the primary liaison for information security, you will collaborate with executive leadership, regulatory bodies, internal teams, and third-party vendors to maintain security operations and compliance. You will be responsible for overseeing the development and dissemination of security policies, testing and monitoring their effectiveness, and recommending improvements to align with the dynamic threat landscape.
Additionally, you will lead cybersecurity training initiatives, ensuring the security, confidentiality of customer information, and oversee compliance with financial industry regulations, such as FFIEC guidelines, PCI DSS, and GLBA. By managing cybersecurity budgets and building a high-performing security team, the CISO ensures effective governance of the bank’s information security program, protecting its customers, assets, and reputation.
Minimum/Essential Job Requirements:
Primary Responsibilities
Responsible for identifying, developing, implementing, and maintaining processes across the bank to reduce information and information technology risks.
Oversee components of the Bank’s Cybersecurity Program (IRM Program), including technological and logical controls, governance/policies and operational procedures and determine their adequacy and effectiveness
Perform annual review as required by the Bank for components of the existing Cybersecurity Program (IRM Program) to include policies, standards, threat assessment, incident response and other documents identified for (periodic) presentation in the Board of Directors.
Perform annual Cybersecurity compliance physical site review in locations required by the program.
Create and maintain the baseline documentation for Corporate File Management and Retention and identify procedures to support policy.
Direct and review data discovery, data classification and data flow analysis and provide updates.
Maintain and review application and system inventory and implementation of appropriate audit reviews.
Monitor, evaluate and maintain the adequacy of existing Cybersecurity Framework, procedures and compliance with existing Cybersecurity Policies
Responsible for responding to incidents, establishing appropriate standards and controls, managing security technologies, and directing the establishment and implementation of policies and procedures.
Monitors access to all systems and maintain access control profiles on computer network and systems. Tracks documentation of access authorizations to all resources.
Researches and investigates measures that address data security risks and potential losses for reporting purposes.
Provide guidance and administration for periodic end-user security-related training as needed to raise awareness and protection against phishing, malware, and other security vulnerabilities.
Responsible for directing and supervising vulnerability assessments and penetration tests.
Responsible for installing, modifying, enhancing and maintaining data system security software.
Additional Responsibilities
Works on determining acceptable risk levels for the bank and ensuring the IT environments are adequately protected from potential risks and threats.
Participates in the development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
Follows-up on detected security issues and implements solutions to reduce security risks
Regularly provides reports regarding the status of the information security program to executive management and the Board of Directors.
Assists in research, development, communication, maintaining and working with the operational units on the enforcement of IT security architecture, policies, procedures, solutions and standards.
Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary
Facilitate and direct tabletop exercises
Supports improved data security awareness and education, including on-call availability.
Responsible for staying abreast of the latest industry security practices and technologies
Meet with department heads to analyze, document and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions. Reviews completed roles/permissions with users to ensure requirements are fully met.
Delivers services that meet regulatory specifications while working with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrates overall compliance.
Provides guidance as needed on regulatory compliance or investigations.
Responsible for reviewing and evaluating the information security aspects of third-party service providers, vendors, contractors, and other suppliers who have access to company and customer information and systems as they relate to the following:
New and renewal contracts: Review contracts and as necessary ensure they contain appropriate non-disclosure language and security commitments.
Performance: ensure appropriate service level expectations are defined.
Reports: Review and evaluate SOC Reports, regulatory reports, policies, procedures and other documents provided.
Monitor and evaluate security vendor performance against contractual commitments and ensure service level agreements are met.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, LGBTQ, national origin, disability or protected veteran status.