
Information Security Manager Job Description
Answer by Michele Petry BOL Guru

QUESTION: We are considering creating a position to manage information security and possibly business recovery. I'm looking for some guidance on what the level of this position should be, and who it would report to. Should it report to IT? Should it be independent? Should it be a senior level position?

ANSWER: With the continued importance of information security and customer privacy, the creation of a senior level position for managing an information security and disaster recovery program will likely become more common in the banking industry.

The following job description can be adapted to suit your institution's needs.

Information Security Manager Job Description

Reports to: Chief Information Officer, or Senior Executive

General Purpose: The Information Security Manager serves as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards.

Position Responsibilities:
  • Serves as an internal information security consultant to the organization
  • Documents security policies and procedures created by the Information Security Committee
  • Provides direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures
  • Initiates, facilitates, and promotes activities to create information security awareness within the organization
  • Performs information security risk assessments and serves as an internal auditor for security issues
  • Implements information security policies and procedures for the organization
  • Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems
  • Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
  • Coordinates the activities of the Information Security Committee
  • Advises the organization with current information about information security technologies and related regulatory issues
  • Monitors the internal control systems to ensure that appropriate access levels are maintained
  • Prepares the disaster recovery plan

First published on 5/06/02
