Job Description
Job Description
Summary
The ISO will be responsible for protecting the bank's sensitive data, ensuring compliance with regulatory requirements, and mitigating risks in an evolving threat landscape. This role requires a strategic thinker with deep expertise in banking regulations, including mandatory experience in FDIC examinations and audits for mid-sized banks. The ideal candidate will foster a culture of security awareness while implementing robust frameworks to safeguard our operations, customers, and assets.
Responsibilities
- Develop, implement, and maintain the bank's information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.
- Lead risk assessments, vulnerability management, and security incident response efforts, including coordination with internal teams and external partners during security incidents.
- Oversee the design and execution of security controls for IT systems, networks, cloud environments, and third-party vendors.
- Conduct regular security audits, IT risk assessments, penetration testing, and compliance reviews to identify and remediate potential weaknesses.
- Collaborate with senior leadership to integrate security into business processes, including new product launches and technology acquisitions.
- Manage security awareness training programs for employees and ensure ongoing education on emerging threats.
- Prepare and present reports on security metrics, risks, and compliance status to executive management and the board of directors.
- Manage the business continuity/disaster recovery program for the Bank, including annual tabletop exercises.
- Stay abreast of evolving cyber threats, regulatory changes, and technological advancements to proactively enhance the bank's security posture.
- Coordinate with regulators during examinations and audits, ensuring timely response to findings and implementation of corrective actions.
Minimum Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
- Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
- Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
- Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
- Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
- Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
- Ability to work in a fast-paced environment and manage multiple priorities effectively.
- Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
- Strong written and verbal communication skills.
- Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
- Strong written and verbal communication skills
- A positive and collaborative approach with both peers and management
- Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm
ADDITIONAL INFORMATION
Reporting Structure: Reports to the SVP, Chief Information Officer
Office Requirements: This position is required to be in the office 5 days per week. The position is open in the Denver and Salt Lake City Markets.
About Fortis Bank
Fortis Bancorp is the $1.3 billion bank holding company for Fortis Bank. Fortis Bank is a full-service bank that provides loans, deposits, and cash management services to businesses and their principals, with branch locations in Colorado and Utah. More information about Fortis Bank is available at www.fortisbankus.com.
At Fortis Bank, we pride ourselves in being a partner to our clients by offering comprehensive banking solutions while building trusted, long-term relationships.
Every role at Fortis is connected to our company strategy and can drive high impact. Each of our hand-selected and talented team members work closely together to contribute to the heart of our company culture that combines banking expertise and personalized service to create an unparalleled client experience.
We recognize, reward, and develop those individuals who make an outsized impact to our client experience and are committed to driving our business forward.
Fortis is Great Place to Work-Certified™
Join a team where your expertise and passion can make a meaningful impact.
Learn more today at https://www.fortisbankus.com/working-at-fortis.
