BOL Conferences
#1831746 - 07/10/13 05:38 PM Info security program officer is????
Trees Offline
Power Poster
Joined: Apr 2005
Posts: 4,013
We are getting larger but not large enough to have a full time Info Sec. Officer who is responsible for managing the bank's Info Security Program and is also separate from IT Dept. The job used to be Compliance but too many hats piled on there and the person isn't qualified for Info Sec. For us that covers typical IT stuff but also vendor management. We would still like to put it in the hands of IT but some are arguing that they can't oversee what they have their hands in. Looking for who has this job at your bank...Thanks.

Risk Management
#1831750 - 07/10/13 05:45 PM Re: Info security program officer is???? Trees
#Just Jay Offline
10K Club
#Just Jay
Joined: Oct 2006
Posts: 14,390
Cheeseheadland
IT.
_________________________
I don't repeat gossip, so listen closely...

#1831784 - 07/10/13 06:29 PM Re: Info security program officer is???? Trees
renniks Offline
Diamond Poster
renniks
Joined: Sep 2003
Posts: 2,162
New England
Chief Operations Officer (who also owns the IT department)

#1831785 - 07/10/13 06:30 PM Re: Info security program officer is???? #Just Jay
A_G Online
10K Club
Joined: Jul 2004
Posts: 18,989
A joint effort between IT and compliance here.
_________________________
With the lights out, it's less dangerous.

#1831790 - 07/10/13 06:36 PM Re: Info security program officer is???? Trees
J2C Offline
Diamond Poster
Joined: May 2004
Posts: 1,475
Big Brother knows and that's a...
IT. A security officer designated within that group.
_________________________
My opinion is mine only- not my employer's!


#1831805 - 07/10/13 06:59 PM Re: Info security program officer is???? J2C
manimal Offline
Diamond Poster
manimal
Joined: Feb 2008
Posts: 2,207
Deleted
Originally Posted By: jennyfromthebloc
IT. A security officer designated within that group.


Ditto
_________________________
We're all here 'cause we've lost control.

Innerpartysystem

#1832116 - 07/11/13 04:57 PM Re: Info security program officer is???? Trees
Midnight Offline
Member
Midnight
Joined: Jun 2008
Posts: 69
Upper Mid West
We put a committee together that acts as the Information Security Officer and is named as such in bank policy. The committee consists of four individuals: Compliance Officer, Internal Auditor, Physical Security Officer and the Enterprise Risk Manager. IT sits in on the meetings. Each member of the committee plays a role: Auditor monitors IT related items and reports on them; Compliance handles vendor management items; Security reports on security related items. We are a small community bank and couldn't find the right one person to hang this hat on. This is working pretty well for us.

#1832137 - 07/11/13 05:32 PM Re: Info security program officer is???? Trees
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
Actually, when I still had to be responsible for this stuff personally, had an IT person responsible for the IT info security, but a "privacy officer" in risk or compliance responsible for the rest.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#1833103 - 07/16/13 12:00 PM Re: Info security program officer is???? Trees
Retired DQ Offline
10K Club
Retired DQ
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
IT
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain

#1838390 - 08/01/13 01:19 PM Re: Info security program officer is???? A_G
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
Originally Posted By: A_G
A joint effort between IT and compliance here.

Ditto

#1839046 - 08/02/13 06:15 PM Re: Info security program officer is???? P*Q
RR Jen Offline
Power Poster
RR Jen
Joined: May 2003
Posts: 3,760
Running and riding everywhere ...
Originally Posted By: P*Q
Originally Posted By: A_G
A joint effort between IT and compliance here.

Ditto


Me three.
_________________________
I don't need any more negativity in my life...be positive and helpful people or I will kick you in the shins!!!

#1839056 - 08/02/13 06:28 PM Re: Info security program officer is???? Trees
Matt_B Offline
Diamond Poster
Matt_B
Joined: Sep 2011
Posts: 1,648
A CU, Where Regs Don't Apply
Our CEO is designated as our security officer, but that's pretty much a formality and he knows nothing about security aside from locking his car door. I guess this would be IT for us too, since nobody else is doing anything about it.
_________________________
Someone's about to get horned!

#1839177 - 08/02/13 08:23 PM Re: Info security program officer is???? renniks
ahkcompliance Offline
Diamond Poster
Joined: Sep 2008
Posts: 2,474
Midwest
Originally Posted By: renniks
Chief Operations Officer (who also owns the IT department)


Same here

#1843537 - 08/19/13 02:27 PM Re: Info security program officer is???? Trees
auburn Offline
New Poster
Joined: Dec 2005
Posts: 3
Delaware
I would suggest you carefully review the regulatory guidance to ensure you (and the appropriate executive management and board committees) are clear on what the functions, roles and responsibilities of the Info Security Officer are. Keep in mind any comments/criticisms provided by your regulator requiring attention. Then, you should be able to develop and prioritize a "to do" list of actions to be taken by the ISO. At this point, you can assess who in your organization is best qualified to execute on what needs to be done. Again, this assessment should be taking place at an executive management level with input and participation from the appropriate board committee. If no one is qualified, then you need to hire someone. Forget selecting based solely on title or position.


Moderator:  Andy_Z