Information Security Officer in Rancho Cucamonga, CA at Vaco

Date Posted: 1/29/2019

Job Snapshot

  • Employee Type:
  • Job Type:
  • Experience:
    At least 5 year(s)
  • Date Posted:
  • Job ID:

Job Description


The Information Security Officer (ISO) is an independent enterprise position reporting to the Chief Information Security Officer (CISO). The ISO must have deep knowledge and understanding of business and cybersecurity principles, and extensive experience working with technology and business roles. The ISO is responsible for assessing and reporting on the management and mitigation of information security risks. This includes the management of the IT security and cybersecurity programs, information technology (IT) risk governance, Business Continuity Programs and related charters, policies and procedures in compliance with Bank and regulatory requirements. The ISO also interacts with auditors, regulators and examiners.

The ISO standards include:

  • CONFIDENTIALITY - Confidentiality addresses preserving restrictions on information access and disclosure so that access is limited to only authorized users and services.
  • INTEGRITY - Integrity addresses the concern that sensitive data has not been modified or deleted in an unauthorized and undetected manner.
  • AVAILABILITY - Availability addresses ensuring timely and reliable access to and use of information.

Essential Duties and Responsibilities

Complies with and stays abreast of all policies and procedures, federal and state laws applicable to the job.

The ISO is responsible for conducting self-assessments and for identifying, evaluating and reporting on regulatory and cybersecurity risks in alignment with Bank strategies, business objectives, and priorities. Specific areas will include the information security program, business continuity program, incident management, critical third-party vendors, IT regulatory compliance, IT risk assessments, and management reporting at least monthly.

Develop and maintain the Security and Cybersecurity, Bank Governance, Risk and Compliance Controls (GRC) for IT Internal Controls' self-assessments

Develop and maintain the information security and cybersecurity Bank policies and procedures.

Develop and maintain security, cybersecurity and business continuity strategies, matrices, maturity models and roadmaps

Develop, maintain, report and respond to all matters related to Information Security and Cybersecurity programs, ensuring compliance with regulatory, internal and external audit firms

Develop and maintain the information security risk-based program that will identify appropriate security controls for the environment

Develop and maintain the Information Security and Cybersecurity programs/frameworks, policies, and procedures with annual board approvals

Develop, implement and maintain comprehensive security awareness and training programs

Work with cyber analysts and information security teams responsible for the oversight and reporting of Security and Cybersecurity effectiveness

Co-manage the Business Continuity Program business impact analysis, risk assessments, plans, strategies, process flows, etc. This includes the Bank's Crisis Management and Incident Response and Recovery Program, which are part of the Business Continuity Program.

Maintain the Cybersecurity Assessment Tool, which includes the CAT Inherent Risk Assessment, CAT Maturity Level Assessments and Cybersecurity Framework

Monitor, analyze and report on internal/external threats, cyber-crimes, and critical third-party vendor risks

Work with multiple committees to ensure security and cybersecurity governance and frameworks are incorporated bank-wide

Work with management and business units to address information security risks (inherent and residual), review or design diagrams for data and process flow, and implement mitigating controls

Provide, present and promote The Citizens Experience to all external and internal customers.

Other duties as assigned.

Supervisory Responsibilities



To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education and/or Experience

Bachelor's degree (B. A.) from four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience.

Certificates, Licenses, Registrations

Degrees, Certification or experience

1) Network, Security or Cybersecurity

2) Cyber Analyst

3) CISM and/or CISA

4) Security Engineer