Apply on Employer Site

Canandaigua National Bank · 10 hours ago

Deputy Chief Information Security Officer

Pittsford, NY, US

Full-time

Hybrid

Director/Executive

$144K/yr - $181K/yr

8+ years exp

Canandaigua National Bank is a community-focused financial institution seeking a Deputy Chief Information Security Officer (Deputy CISO) to assist the Chief Information Security Officer in managing daily program operations and ensuring regulatory compliance. The role involves overseeing Information Security teams, developing strategies, and managing risk management programs while requiring strong leadership and communication skills.

BankingFinancial Services

Responsibilities

Provide operational oversight of Information Security team

Assist the CISO with Department Program assessments and long-term roadmap

Assist the CISO with the development and implementation of Program strategies

Develop metrics and measurements to assess Program progress and effectiveness

Monitor the emergence of new threats and vulnerabilities, assess risks and impacts and recommend mitigation strategies

Assist the CISO with managing security incident investigations

Develop and maintain Information Security governance documentation

Oversee the development and maintenance of Information Security educational initiatives

Oversee the development of monitoring processes related to Information Security controls

Assist with risk management, including conducting risk assessments, vulnerability management, and similar activities

Lead or participate on projects as appropriate, assisting in the development of new or modified products or services, to ensure adequate Program controls are in place prior to implementation and Department deliverables are completed/provided as required

Assist the CISO with ensuring regulatory compliance. Assist with the remediation of internal/external audit, examination, and penetration test findings related to the Programs

Recommend and assist with Program remediation and improvements to infrastructure, controls, policies and procedures

Stay current with IT-related regulatory guidance and alerts and industry alerts including FS-ISAC information. Maintain a current understanding of the IT threat landscape for the industry

Maintain confidentiality of all investigations, reports and other sensitive information associated with position

Qualification

CISSP certificationInformation Security ManagementRisk assessmentsTechnical writingLeadership skillsProject managementAnalytical skillsCommunication skillsOrganizational skillsPresentation skills

Required

A Bachelor's degree in Information Security, Computer Science, or a related field required

Certified Information Systems Security Professional (CISSP) certification required

Minimum 8 years' experience in an Information Security Management capacity with experience in all security domains and with experience in team management required

Strong writing and grammar, including technical writing, presentation development, and report development for all audience levels

Ability to present to a range of internal, external and customer audiences, including technical and non-technical decision makers, Executive Leadership, and Directors

Ability to read, analyze and interpret industry standards, government regulations, professional journals, etc

Strong leadership in developing and leading initiatives with the ability to supervise others

Excellent planning and organizational skills

Excellent analytical and problem-solving skills

Proven experience with risk assessments with excellent understanding of application development and technical infrastructure security

Ability to respond to common inquiries or complaints from employees, customers, regulatory agencies

Ability to travel to various locations as necessary

Preferred

Additional professional security management certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or other equivalent certification