Head of Information Security - Los Angeles, United States - Hanmi Bank

Hanmi Bank

Verified Company

Los Angeles, United States

4 weeks ago

Posted by:

Mark Lane

beBee recruiter

Description

SUMMARY
The Head of Information Security is responsible for planning, implementing and maintaining the information security program, including cybersecurity.

The information security program is designed to ensure the confidentiality, integrity, and availability of the information in compliance with industry/banking regulations.

This position will work closely with the Information Technology staff as well as stakeholders in other business units to manage information and cyber security risk, including risk identification and mitigation.

The Information Security program involves several team members, who are responsible for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and training programs, project and product development consultation, incident response program management, and proactive compliance with industry regulations related to information security.

Ensures compliance with established Company policies and procedures.

Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following:

Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Home Mortgage Disclosure Act, Real Estate Settlement Procedures Act, Fair Credit Reporting Act, Bank Secrecy Act in conjunction with the USA PATRIOT Act, Anti-Money Laundering and Customer Information Program, Right to Financial Privacy Act (state and federal) and Community Reinvestment Act.

REQUIRED DUTIES

Partner and influence stakeholders across the organization to achieve the goals outlined in the Information Security Program. Demonstrated strong leadership and management skills and the ability to secure results through others.
Develops and implements policies and procedures to ensure compliance with established regulatory guidelines to safe guard the bank's information environment.
Develops and delivers information security, privacy and data loss prevention programs to include information in electronic, print and other formats.
Facilitates enterprise-wide training on pertinent security issues are appropriate and adequate.
Ensures the Information Security Program is appropriately designed to ensure a holistic enterprise-wide perspective with reducing the overall information security risk.
Ensures that information created, acquired or maintained is used in accordance with its intended purpose to protect its infrastructure from external or internal threats and to ensure the organization complies with statutory and regulatory requirements regarding information access, security and privacy.
Implements an ongoing risk assessment program targeting information security, cybersecurity, and privacy matters; recommends methods for vulnerability detection and remediation and performs and/or oversees vulnerability testing.
Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the organization. Conducts continual research to maintain knowledge of technology, customer needs and overall requirements; stays current with advancements in technology relative to data administration, security, related services, and FFIEC Guidelines; makes recommendations to evolve information security practices and procedures to accommodate such changes.
Maintains advanced knowledge and awareness of financial industry technical status and trends.
Informs the board, management, and staff of information security and cybersecurity risks. Participates in information sharing sites (e.g., Financial Services Information Sharing and Analysis Center) on cyber threats and vulnerabilities that may affect Hanmi Bank.
Develops and manages information security resources or budget to maintain an effective information security program.
Provides a quarterly state of the Information Security Program report to the Risk Committee.
Monitors, maintains and adjusts the Information Security Program in light of audit findings and recommendations, changes in the internal and external landscape, relevant changes in technology, and changes in business strategy.
Monitors staff in daily tasks, operations and quality control.
Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.
Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.
Follows policies and procedures; completes tasks correctly and on time; supports the company's goals and values.
Performs the position safely,