Community Development Banking List
02-22-2010, 10:46 PM
Original message from: EStewart@ncb.coop
NCB HAS AN OPENING FOR AN INFORMATION SYSTEM SECURITY OFFICER ON THE RISK MANAGEMENT TEAM IN ITS CRYSTAL CITY, VA LOCATION:

The Information System Security Officer will be providing management with independent monitoring of IT operations. This would be facilitated through the establishment of formal documented controls; monitoring and reporting of adherence to the controls; assessing the need for and advising IT operations on the implementation of new controls; and ensuring controls are in compliance with regulatory requirements (i.e. Gramm-Leach-Bliley, Sarbanes-Oxley, and Business Continuity/Disaster Recovery).

Conduct Monitoring of IT Controls (i.e. segregation of duties, IT general controls, policies, procedures, standards, and compliance with the FFIEC, etc.) (25%)
  - Develop and determine monitoring controls
  - Establish a schedule for monitoring controls
  - Conduct monthly reviews for adherence to IT Standards and controls
  - Review Privileged and Non-Privileged User account activity
  - Conduct quarterly Access Control Reviews
  - Review Daily Security Reviews of Network Security Managers
  - Develop processes to monitor changes in the IT control environment and adjust monitoring appropriately
  - Monitor changes to critical system files using available tools
  - Report assessment of control effectiveness to IT management
  - With input from IT operations, develop and report on IT operational benchmarks
  - Monitor compliance with service level agreements

Facilitate the Bank's Annual Information Security Risk Assessment (20%)
  - Conduct and update annually an Information Security Risk Assessment
  - Identify and understand risks to the confidentiality, integrity, and availability of information and information systems
  - Rank risks and develop strategies to mitigate those risks

Facilitate the Bank's Annual Gramm-Leach-Bliley Act (GLBA) Risk Assessment and Maintain the GLBA Electronic and Paper Inventories (20%)
  - Conduct an annual GLBA risk assessment for non-public personal information
  - Coordinate timely documentation of control measures with assistance from appropriate department supervisors
  - Maintain and update quarterly the GLBA electronic inventory with all electronic devices added, removed, or reconfigured, and the paper inventory
  - Prepare the annual report on the status of the GLBA Program to the Board of Directors

Facilitate the Bank's Business Continuity/Disaster Recovery Planning and Testing (20%)
  - Develop, implement, test and update the Business Continuity Plan and Procedures in accordance with the Federal Financial Institutions Examination Council's Business Continuity Planning Booklet
  - Conduct an annual Business Impact Analysis and Business Continuity Risk Assessment
  - Coordinate the annual update of the Disaster Recovery Plans
  - Coordinate timely documentation of security incidents from appropriate employees and IT personnel
  - Prepare the annual report on the Business Continuity Program Events to the Board of Directors

Facilitate IT Internal & External Audits and Regulatory Examinations (10%)
  - Coordinate timely submission of requested information in preparation for internal and external audits and regulatory examinations
  - Coordinate and monitor timely responses from IT operations to internal and external audit, regulatory examination, and review findings
  - Coordinate policy, procedural and/or process changes to prevent recurrence of findings
  - Assist IT operations in deficiency remediation and process improvement

Coordinate Security Awareness Education and Training throughout the Bank (5%)
  - Conduct Annual Security Awareness Training and additional educational awareness throughout the year
  - Ensure employees are made aware of their responsibilities with respect to network security and their handling of confidential information

Requirements: University Degree specializing in computer science or a related field; minimum 5-7 years of relevant work experience in IT operations, IT control design and/or information systems security; Certified IS Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP); knowledge of Sarbanes-Oxley, Gramm-Leach-Bliley, and Business Continuity/Disaster Recovery; familiarity with Federal Financial Institutions Examination Council (FFIEC) IT guidance and recovery compliance requirements; proven knowledge of Microsoft Windows, SQL Server, ASP.NET, Lotus Notes, Java, HTML, Cisco security protocols and/or firewalls, Tripwire, and Microsoft Windows Visio; strong project management and leadership skills; strong documentation skills; ability to effectively communicate with IT and non-IT personnel.

Applicants should send their resume and cover letters to the attention of Diahann Smith at dsmith@ncb.coop