Job Summary
- Company: First Niagara Financial Group
- Location: Buffalo, NY
- Job Type: Regular
- Job Classification: Full Time
- Experience: not provided
- Education: not provided
- Company Ref #: 12-5619
- AJE Ref #: 557066836
- Job Start/End Date: not provided
- Number of Positions: 1
- Hours/Week: not provided
- Salary Range: not provided
- Required Degree/Formal Training: not provided
- Required Licenses/Certificates: not provided
- Company Homepage: not provided
Job Description
Overview:
Responsible for the development, implementation, and maintenance of a comprehensive information security and privacy risk management program in support of protecting personally identifiable information of customers of the bank, its subsidiaries, and affiliates (collectively the Company), as well as adequately safeguarding strategic non-public information owned by the Company. The incumbent will assist in assuring the Company's compliance with Gramm-Leach-Bliley 501(b) program requirements and other applicable federal and state privacy laws, maturing the Company's program accordingly. The incumbent will provide the methods and framework as well as assess security threats to the Company and its customers and work closely with Information Technology to mitigate potential exposure to acceptable levels of residual risk.
Key Responsibilities:
- Design and lead FNFG's enterprise-wide information security and privacy risk management program, ensuring compliance with all regulatory requirements and industry best practices.
- Facilitate the execution and quality of the annual information risk assessment process, information risk and control self-assessments, and ad-hoc event-driven risk assessments.
- Develop and manage a team of 3 to 5 employees who are information security and privacy risk management experts. Identify, document and remediate information security risks by working collaboratively with all FNFG business units.
- Author and maintain information security and privacy risk management policies and procedures, including standards and frameworks to enable proper information security and privacy risk management by first line organizations, including but not limited to scenario and event identification, risk quantification and aggregation, and risk response decision making.
- Develop, implement, and monitor the effectiveness of an information security awareness program across all FNFG business units. Monitor testing parameters across FNFG to ensure privacy policies and procedures are adhered to.
- Develop and administer a disclosable event response program for suspected unauthorized access, modification or disclosure of personal financial information. Work collaboratively with Physical Security, Fraud, Technology and Internal Auditors to assure comprehensiveness and completeness of the program. Work with the CRO by preparing updates on FNFG's Security Program and presenting to the ERMC and Board Risk Committee.
- Lead penetration testing efforts in collaboration with Internal Audit.
- Develop and provide information security and privacy risk management methods, tools and processes for use by project managers during the initiation, planning and execution of projects.
- Other duties as assigned.
QUALIFICATIONS:
Minimum Qualifications:
- Bachelor's degree in accounting, finance or business. Master's degree preferred.
- Bachelor's degree or equivalent experience; Master's degree strongly preferred
- Certification required: CRISC
- Other certifications preferred: CISSP, CISM, CISA, CRP
- 10+ years' experience in information security and privacy risk management (financial services background is required)
- Previous management experience
- Leadership and motivation skills
- Root cause analysis skills
- Risk and Control Self Assessment skills
- Demonstrated ability to effectively interact and partner with all levels of personnel
- Strong oral and written communication and presentation skills are required, including experience at the Enterprise Risk Committee level.
- Proven ability to network with industry-related security and privacy groups to ensure FNFG maintains a best practice posture in its information security and privacy program.
