Are you an experienced Information Security Officer (ISO) with understanding of the financial industry?
The Information Security Officer is responsible for the development, implementation, and management of an organization's information security program, ensuring the confidentiality, integrity, and availability of sensitive data, digital infrastructure, and internal systems. This role collaborates closely with senior leadership to manage cyber risks, meet regulatory expectations, and foster a strong security-focused culture across departments.
Essential Duties and Responsibilities
Strategic Leadership & Governance
- Design and maintain an enterprise-wide Information Security Program (ISP) aligned with recognized regulatory frameworks (e.g., FFIEC, GLBA, NIST).
- Provide cybersecurity insights and strategic recommendations to executive leadership and key stakeholders.
- Oversee the creation and revision of security policies, standards, and practices to defend against evolving threats.
Risk Management & Regulatory Compliance
- Perform regular risk assessments to identify vulnerabilities and prioritize risk mitigation efforts.
- Maintain compliance with applicable federal, state, and industry-specific regulations and standards.
- Liaise with internal and external auditors, regulators, and assessors during security reviews and examinations.
- Lead the development and execution of the organization's incident response plan.
Cybersecurity Operations & Infrastructure Protection
- Monitor and assess the security status of systems, networks, and applications.
- Work in collaboration with IT to ensure that security technologies (e.g., firewalls, IDS/IPS, endpoint protection) are effectively deployed and maintained.
- Implement and manage authentication, encryption, and access control measures.
- Evaluate third-party vendors to ensure alignment with security and compliance standards.
Security Awareness & Training
- Develop and roll out ongoing cybersecurity training and awareness initiatives for employees at all levels.
- Conduct testing and simulation exercises to strengthen organizational readiness.
- Promote best practices in fraud prevention, data protection, and threat recognition.
Incident Response & Business Continuity
- Act as the primary contact for cybersecurity incidents and breaches.
- Coordinate investigations, documentation, and recovery efforts in collaboration with internal teams and third parties.
- Support the integration of cybersecurity measures into business continuity and disaster recovery plans.
Additional Responsibilities
- Attend relevant professional development events and industry conferences.
- Maintain strict confidentiality in line with ethical standards and company policies.
- Support cross-functional collaboration with departments such as Risk, Compliance, and IT.
- Participate in team efforts and contribute to broader organizational goals.
- Assist in regulatory and internal audit processes as needed.
- Bring a proactive, solution-oriented mindset to enhancing security posture.
Education and Experience
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (Master’s preferred).
- 5+ years of experience in information security, cybersecurity, or IT risk management within the financial sector.
- Certifications preferred: CISM, CISSP, CRISC, or GIAC.
- Strong knowledge of banking regulations, cybersecurity frameworks, and risk management principles.
- Experience with SIEM solutions, network security tools, penetration testing, and incident response.