Information Security Administrator-CA Hybrid Remote Eligible

    • Job Tracking ID: 512568-819477
    • Job Location: Goleta, CA
    • Job Level: Any
    • Level of Education: Any
    • Job Type: Full-Time/Regular
    • Date Updated: 09/23/2022
    • Years of Experience: Any
    • Starting Date: 10/08/2022


Job Description

At Community West Bank, we put deposits to work locally, making loans to businesses, families and non-profit organizations. We are the largest publicly traded and only community bank headquartered in and serving California’s Central and South Coast area of Ventura, Santa Barbara and San Luis Obispo counties, with full-service branches in Goleta, Oxnard, Paso Robles, San Luis Obispo, Santa Barbara, Santa Maria, and Ventura. We were named one of the Central Coast Best Places to Work by the Pacific Coast Business Times, and we love working here and think you may too!

As an integral member of the Risk Management Department at Community West Bank, this position will provide extraordinary customer service to our internal team members and external customers, exemplifying the Bank’s values and our dedication to quality and service. This position will have direct responsibility as a Risk Management team member to assist in the accomplishment of the Department Business Plan goals and objectives. This position will elevate the team as a member of the Bank’s high performance culture that emphasizes empowerment, quality, productivity, ethical standards, goal attainment and the ongoing development of CWB’s vision to become the bank of choice, providing an unparalleled experience for our clients, employees, and community.

JOB OVERVIEW/PURPOSE

The Information Security Administrator supports the planning, design and enforcement of information security risks, policies and guidelines, and performs comprehensive information security risk assessments. This position identifies, assesses and collaborates to mitigate information security related risks, and adjusts risk framework elements (policies, procedures, & technologies) to integrate them into the enterprise risk management program. This position ensures the Information Security Program is maintained. This position will partner with IT groups, business groups and project teams to perform security risk analysis for applications, infrastructure and data elements while also ensuring components meet business needs. Supports the Cybersecurity Program and the Cybersecurity Incident Response Team. Develops training and provides guidance on complex issues related to cybersecurity, information security and/or technology. Keeps current on new regulatory requirements and supports policies and procedures to ensure compliance and consistency. Researches, analyzes and recommends new cyber risk and information security technologies and procedures. This position performs all essential duties in compliance with regulatory requirements as well as Bank policies and procedures.

Essential Duties

* Maintains and enforces the information security and cybersecurity risk management frameworks/methodologies
* Maintains the Information Security Program and related Information Security Policies, Standards, and Reporting
* Contributes to the development of business unit strategy by providing a view on potential improvement for information security risk and compliance policies and procedures, including an assessment of the existing situation and anticipated changes in the external environment
* Develops and implements effective processes to identify, measure, report, track and remediate information security risk-related issues, inclusive of gap analyses and evaluation of new systems or processes
* Supports the Cybersecurity Incident Response Team: Reviews potential Intrusion Detection events, performs malware analysis, and assesses high severity security events; plans and initiates the response actions as required, and provides updates to management and the Board; coordinates incident investigation and remediation with internal and external resources
* Advises the CRO, ISO, management, and the Board regarding cybersecurity strategy to leverage new technology and cybersecurity frameworks
* Supports the management of the Bank’s CAT (Cybersecurity Assessment Tool), makes recommendations in areas where the controls should be enhanced, or enacts changes within purview
* Reviews user access certifications to verify application entitlements are appropriate for each user’s role and responsibilities
* Provides information security, risk management, technical advice, and counsel to the IT Department
* Supports IT security audits and external third-party assessments (e.g., penetration tests, social engineering assessments, targeted assessments) presenting results to the Audit Committee or the Board of Directors as applicable
* Supports the management of tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with the IT Manager / ISO. Recommends appropriate updates to standards, process and procedures as part of comprehensive remediation
* Serves as an advisor to the Information Technology Steering Committee and the Crisis Management Team
* Develops, provides and oversees information security and cybersecurity training for employees, and provides guidance, direction and education on these functions as well as the latest security strategies and technologies
* Manages the social engineering testing program for the Bank
* Acts as the project lead in strategic projects related to information security and/or cybersecurity as applicable
* Supports and maintains the Vendor Management program: Performs vendor initiation processes, analysis, gathers and assesses documentation, and reports to ISO and CRO.
* Meets response and resolution times as defined in Service Level Agreements and/or service requests, and follows established processes to meet service level commitments
* Completes all required regulatory training as assigned within deadlines established including BSA, Bank Security and any other training as assigned, within required timeframes and on an annual basis
* Cross trains in additional functions of the department
* Other duties and/or projects as assigned by supervisor

Community West Bank is an EEO/AA/Disability/Vets Employer. Reasonable Accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.

Experience and Skills

* Bachelor’s degree, or an equivalent combination of education, training and experience
* Minimum 5 years of related experience, preferably at a financial institution
* Understanding of Security Information and Event System (SIEM) solutions
* Advanced knowledge in information security and assurance practices
* Advanced knowledge of systems principles, architecture, design, analysis, and troubleshooting
* Advanced skills in network design and operation
* Experience with internal data security controls
* Experience with effective risk management practices and principles
* Experience with interpreting and assessing information security-related regulatory standards
* Ability to effectively comprehend and interpret Bank policies and procedures in the work environment
* Ability to work independently and collaborate effectively as a team member
* Ability to exercise good judgment in making decisions
* Ability to work under pressure, prioritize and meet deadlines
* Exceptional follow-through and attention to detail
* Exhibit high degree of professionalism in handling and having access to sensitive information, and protect and maintain that confidential information
* Excellent interpersonal skills to communicate effectively with a wide range of employees and customers.
* Ability to complete tasks within prescribed time frames
* Professional in appearance, and in verbal and written communication
* Proficient with: MS Word, Excel, Outlook, Internet, Visio