Information Security Administrator I, II, III Position Function: Assist the organization with oversight and governance of the Information Security and Cybersecurity initiatives. Engage varying business lines to assess risks and identify threats to the information assets of the Bank. Conduct and participate in vulnerability & penetration testing, risk assessments, security awareness and socialization, 3rd party vendor, product and service assessments (SSAE 16 SOC reviews), as well as policy management and procedure reviews. Interact and direct with different levels of management. Engage other subject matter experts (Legal, IT, Compliance, Human Resources, and Audit) to affect policy and achieve compliance. Performs all duties and interacts with internal and external customers in a manner aligned with the Company's Core Values of Voyaging Spirit and Positively Ohana; Customer Experience Competencies of Customer Interaction, Empowerment and Ownership; and Basic Skills of Listening, Oral Communication, Written Communication, Action Orientated, Thoroughness, Problem Solving. Primary Accountabilities: Security Assessment and Design * Identify potential threats and respond to reported security violations to determine causes, possible solutions, and remedial actions required to ensure data security. * Administrator risk analyses pertaining to the security needs of the bank and prepare recommendations based on risk/exposure versus cost. * Prepare objectives, alternatives, risk analyses, and cost/benefit analyses. Document risk of systems, applications, and vendors. Determine risk by evaluating the existence of controls that help reduce risk, help identify residual risk and risk treatment plans. Prepare/ present research findings. * Review employee violations of computer security procedures and reports violations to the appropriate personnel. * Perform penetration and vulnerability testing; report, record and work with departments to resolve security related issues and incidents. Daily Operations: * Interface with vendor owners and vendor management to maintain the risk assessment tools and keep the assessment process current. * Review reports and ensure that possible threats are addressed and tracked until closure in the reporting systems. * Review authorization and problem documentation for security related requests and incidents. Escalate and log any related requests to the reporting systems. Continue to monitor issues until resolution. * Review notifications to ensure that threats are escalated to the appropriate department or vendor. Continue to monitor issues to ensure issues are addressed and logged in the reporting systems. * Administrator the security risk assessment process, providing advisory support to vendor owners on the evaluation of risks, development of risk responses, and work with stakeholders to define and implement process enhancements. * Manage the reviews of relevant SSAE 16 SOC1 and SOC2 reports. Security Awareness * Review existing security awareness initiatives and help develop new programs based on current threats. * Maintain an outward-facing and forward-looking view to provide solutions to ensure that the bank's Information Security Program is current and relevant. Keep up with new regulations, gather concerns and periodically assesses existing risk management processes to determine what needs to be changed and suggest changes. Reporting * Assists in the fulfillment of administrative reporting requirements. Continued Education and Self Improvement * Stay abreast of bank's applications and system capabilities. * Research, resource, resolve, and be self-reliant when approaching projects, tasks, and job responsibilities. * Maintain up-to-date knowledge and skill with current technologies in the information technology industry. * Study and pass various IT security related certifications. * Utilize training materials available through the bank's training programs. Minimum Qualifications: Education: H.S. Diploma required College degree (Audit, MIS, Information Assurance or Computer Science) or equivalent work experience preferred Experience: Administrator I - 3+ years of previous experience in information security, audit, controls, and regulations & privacy laws pertaining to the release of information, and security & access control technologies (A relevant Bachelor's degree can substitute for 2 years of work experience). Administrator II - 4+ years of previous experience in information security, audit, controls, and regulations & privacy laws pertaining to the release of information, and security & access control technologies (A relevant Bachelor's degree can substitute for 2 years of work experience). Administrator III - 5+ of previous experience in information security, audit, controls, and regulations & privacy laws pertaining to release of information, and security & access control technologies. (A bachelor's degree can substitute for 2 years of work experience.) Physical Requirements & Working Conditions: * Must be able to perform light physical work and to move or lift items including but not limited to boxes, files and papers up to 20 pounds unless otherwise as indicated. * Must be able to operate and proficiently use standard office equipment, including phone, copier, personal computer and/or other work related mechanical or electronic devices and applications. * Must be able to clearly communicate verbally and in writing with all internal and external customers. Must also be able to hear sufficiently to engage in daily discussions and interactions. * Must be able to read and understand bank-related documents. * Must be able to work in a conventional office setting, involving sitting at a desk or workstation for long periods of time. Must also be able to adapt to different work environments as needed to perform the job. We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.