Trees, I think you are in NY. Not sure if you are aware but NYS is taking big steps in focusing on Cyber Security in examinations. Specific focus will be on the Chief Information Security Officer and requirements that this individual has the expertise required to effectively perform this function and receives the adequate training for the position. Also, requirements for reporting Cyber Security measures to the state on a periodic basis will be enforced.
NYS released the Letter to Banks regarding Cyber Security Examinations and, as the article states, gave no indication that these exams would differentiate between banks by size, so all banks will probably be subject to the same basic requirements REGARDLESS OF SIZE.
Good luck with your new ISO.
My opinion is mine only- not my employer's!