Job details

Information Security Officer

Job Summary:

The Information Security Officer (ISO) is responsible for developing and implementing a comprehensive information security program for the organization. The ISO is responsible for identifying, evaluating, and mitigating information security risks to the organization, while ensuring that security policies and procedures comply with applicable laws and regulations.

Along with the key functions listed below, this position will be expected to uphold the value that WaFd Bank places on simply being nice when servicing our co-workers and clients.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned:

Develop and implement an information security strategy and program that is aligned with the organization's business objectives and goals.
Identify, evaluate, and help mitigate information security risks to the organization, including risks associated with the use, processing, storage, and transmission of confidential information.
Develop and maintain information security policies, standards, procedures, and guidelines, and ensure that they are regularly reviewed and updated to reflect changes in the threat landscape and regulatory requirements. Develop and manage an information security roadmap, to ensure that investments in security technology and services are aligned with the organization's risk management strategy.
Conduct regular information security risk assessments in accordance with FFIEC and GLBA expectations.
Oversee, monitor, and provide guidance with the implementation and operations of business and technical systems to ensure reasonable information security practices, standards, and policies are followed.
Develop and implement security awareness and training programs for all colleagues and contractors.
Establish and maintain effective relationships with internal stakeholders, external partners, and regulatory agencies, and communicate information security risks and issues to the executive team and board of directors.
Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
Develop and maintain an incident response plan and lead the organization's response to information security incidents, including conducting post-incident reviews and developing and implementing remediation plans.
Actively participate in third party risk management reviews to ensure information security requirements are appropriately being met.
Develop, implement, and maintain the company’s business resiliency program and associated activities.
Partner with various business units to ensure that all information owned, collected, or controlled by, or on behalf of, the company is processed and stored in accordance with applicable laws and other global regulatory requirements.
Stay up to date with the latest information security threats, vulnerabilities, and trends, and provide guidance to the organization on how to respond to emerging threats and risks.

Qualifications:

Education/Skills/Training:

Minimum of five years’ experience within risk management, information security, or information technology leadership roles.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet or exceed objectives in a dynamic business environment.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
Sound knowledge of business management, information security risk management, and cybersecurity technologies.
Knowledge and understanding of relevant legal and regulatory expectations, such as FFIEC Guidelines, Section 404 of the Sarbanes-Oxley Act, and the Gramm-Leach-Bliley Act (GLBA)
Strong knowledge of information security frameworks, such as ISO 27001, NIST CSF, and COBIT.

Professional Certifications:

Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant certifications preferred

Benefits:

At WaFd Bank you get all of these great benefits!

Paid time off for vacation, sick days and holidays
Health insurance
Stock options
Bonus programs
Generous 7% 401(k) employer matching*
Paid Parental Leave
Life and AD&D insurance
Long-term disability
Tuition Reimbursement
Employee assistance programs
Pre-tax health and dependent-care spending plans

WaFd Bank Benefits Summary - Click here for more information

EEO Statement:

EEO is The Law - click here for more information

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

We are committed to Equal Employment Opportunity and Affirmative Action. We recruit, hire, train and promote persons in all job titles and ensure that all other personnel actions are administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other protected characteristic. WaFd Bank is committed to providing reasonable accommodations to employees and applicants with disabilities to the full extent required by the Americans with Disabilities Act (ADA). If you feel you need a reasonable accommodation pursuant to the ADA, you are encouraged to contact us at 800.324.9375.

Know Your Rights: Workplace Discrimination is Illegal - click here for more information

Pay Transparency Nondiscrimination Provision - click here for more information

WaFd Bank Benefits Summary - click here for more information

Min: USD $150,000.00/Yr. Max: USD $225,000.00/Yr.

By WaFd Bank

WaFd Bank believes that banking is more than a series of financial transactions. It is a commitment to building relationships both with clients and the community at large. Each and every banking transaction holds a deeper meaning - whether it's ...

FUNDING

INDUSTRY

TEAM SIZE

LOCATION

Hybrid, based in Seattle, WA

DATE POSTED

July 24, 2023