About Us

　　*New Hires are eligible for a $5,000.00 sign on bonus*

　　Overview

　　Reporting to the Director of Operational Risk, Information Security & Vendor Management, the Information Security Risk Manager is responsible for assisting the Director of Operational Risk, Information Security & Vendor Management with maintaining and continually enhancing the Bank’s information security and second line testing programs. In particular, responsibilities include the development, coordination, implementation, governance, and ongoing management of enterprise-wide policy and controls.

　　Responsibilities

　　Utilize industry experience and knowledge to provide expertise and support to ensure the Bank’s information security program remains in compliance with applicable standards and regulations, including evolving data privacy regulations.

　　Adhere/enhance control testing processes to ensure information security, risk, and vendor management policies are adhered to.

　　Assist with the management of cyber security compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber risk. Assist with completion and maintenance of the Bank’s FFIEC Cybersecurity Assessment Tool and IT Risk Assessment.

　　Perform assessments of the current information security and Information Technology framework and develop guidance that addresses gaps.

　　Assist with development, evaluation, and adherence to IT, risk, and information security policies, standards, and procedures. Socialize policy & control recommendations to stakeholders across the enterprise in order to gain acceptance.

　　Support the completion of risk assessments of IT processes and products to ensure that they align with Bank policies and objectives.

　　Participate in information security, vendor management, and risk related projects and initiatives.

　　Assist with the collection and review of vendor due diligence materials in line with GLBA and TSP regulatory guidance.

　　Assist with tracking and resolution of internal audit and examination findings related to risk, information security, and vendor management.

　　Maintain and effectively utilize the Bank’s Enterprise Risk Management Software System.

　　Assist with the annual facilitation of Incident Response tabletop exercises.

　　Organizes daily department activities and supervises Information Security staff. Conducts performance reviews and provides for ongoing guidance, training, and direction to staff in developing and implementing plans and objectives.

　　Stays up to date on industry trends, represents the Bank through active participation in community and industry organizations, and participates in user groups and conferences, as needed.

　　Performs related and unrelated duties as may be required.

　　Requirements

　　5+ years of experience in Bank-specific information security, risk, and/or audit areas

　　Bachelor’s degree

　　Comprehensive knowledge of technology auditing process, GLBA compliance requirements, and technology risk assessments

　　Internal Audit, IT Assurance, and/or FDIC/OCC Regulatory experience required

　　Working knowledge of applicable laws, regulations, and standards relating to security, data privacy, and vendor management

　　Knowledge of bank operations and bank technology applications

　　Effective communicator, relationship builder, and advocate for sound risk mitigation practice

　　Strong organizational skills

　　Management and supervisory experience required

　　Middlesex Savings Bank is an EO/AA Employer: Min/Fem/Vet/Disabled

　　Connect With Us! (https://jobs-middlesexsavings.icims.com/jobs/4901/information-security-risk-manager/job?mode=apply&apply=yes&in_iframe=1&hashed=1374627965)

　　Your application choices are:

　　Location US-MA-Westborough

　　Req # 4901

　　Category IT/Operations - Information Security

　　Position Type Full Time

　　Standard Working Hours Monday - Friday 8:00am to 5:00pm