BOL Conferences
#1859415 - 10/08/13 03:14 PM Can IT officer also serve as Information Security?
Fishmcc Offline
New Poster
Joined: Jun 2006
Posts: 5
We are a small bank and I am trying to find out if our IT officer can serve as Information Security Officer. He currently handles all of the functions of an ISO, but we have another officer in the bank as an in-name-only ISO. Are there any regs that would prevent the IT guy from having both titles?

Thanks

Security - PUBLIC
#1859473 - 10/08/13 04:16 PM Re: Can IT officer also serve as Information Security? Fishmcc
manimal Offline
Diamond Poster
Joined: Feb 2008
Posts: 2,207
Deleted
Our IT Manager is our ISO, and auditors and examiners have been fine with that so far. :)
_________________________
We're all here 'cause we've lost control.

Innerpartysystem

#1859477 - 10/08/13 04:21 PM Re: Can IT officer also serve as Information Security? Fishmcc
Kathleen O. Blanchard Offline

10K Club
Joined: Dec 2000
Posts: 21,293
It can depend upon size and complexity of the bank. As a bank grows, independence of the ISO from the head of IT can be expected.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#2044043 - 10/14/15 12:13 AM Re: Can IT officer also serve as Information Security? Fishmcc
PorcelainDoll Offline
Member
Joined: Sep 2015
Posts: 93
The West
I would like to revive this thread. It seems that the FDIC has been telling banks in the West that these need to be separate positions. I am the Compliance Officer for a bank with 20 branches, approximately $4 billion in assets. I have no IT background and I am being asked to assume the ISO position. I do not feel that this is appropriate. For starters, I do not have the experience and secondly, I already have enough responsibilities.

Kathy, can you explain why it is acceptable for a small bank to have the positions combined, but not for a larger complex bank? What exactly is the issue? The fact that I have to ask this question clearly indicates my ignorance, and explains why I am uncomfortable with the idea. If I had the appropriate background, I would likely understand the reason for the segregation.
_________________________
PorcelainDoll
CRCM

#2044046 - 10/14/15 01:27 AM Re: Can IT officer also serve as Information Security? Fishmcc
Kathleen O. Blanchard Offline

10K Club
Joined: Dec 2000
Posts: 21,293
There can be a conflict when the head of IT wishes to set things up in a certain way; the ISO should be able to point out the info security weaknesses in the setup, file accesses given, etc.

If it is one person, there is no "watchdog".
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

#2044056 - 10/14/15 11:53 AM Re: Can IT officer also serve as Information Security? Fishmcc
PorcelainDoll Offline
Member
Joined: Sep 2015
Posts: 93
The West
Thanks Kathleen,

This information is helpful. I would not be the person to know if there was a security weakness. I need to explain this to management.
_________________________
PorcelainDoll
CRCM


Moderator:  Andy_Z