#83564 - 05/29/03 05:32 PM Information Security Officer duties
Anonymous
Unregistered

We are in the process of writing a job description for the Information Security Officer (ISO). How are you accomplishing the requirements of the "Roles and Responsibilities" section of the new Info Sec guidelines? Is your "central authority" one person? A committee? The same as your ISO? How many ISOs do you have? I'm going to search for the analysis section Ted mentioned in his January post ("GLB Exam") about "the new position with specific title not being necessary, as long as there were adequate staff and lines of authority and responsibility for the InfoSec program are well defined and clearly articulated."

Thanks!

#83565 - 05/29/03 08:41 PM Re: Information Security Officer duties
Ted Dreyer
Diamond Poster
Joined: Apr 2001
Posts: 2,245

#83566 - 05/30/03 05:37 AM Re: Information Security Officer duties
Princess Romeo
Power Poster
Joined: Jun 2001
Posts: 8,272
Where the heart is
We wound up with 2 Information Security Officers. The manager of our I.T. Department is the ISO for I.T. related information. I am the ISO for physical data and procedures. We collaborate on our Risk Assessment, policy updates, board reporting, training, etc.

Basically, it's rare to find one person who can cover all of Information Security. Since so much of it is I.T. related, you need someone well versed in technology issues. However, you also need someone who is familiar with all of the OTHER processes in the bank as well as all of the regulatory requirements and developments.
_________________________
CRCM, CAMS
Regulations are a poor substitute for ethics.
Just sayin'

#83567 - 05/30/03 02:24 PM Re: Information Security Officer duties
Anonymous
Unregistered

Thanks Ted and Bonnie! Bonnie - How does InfoSec fit in with your corporate structure? We are just in the planning stages of a risk management "arm", but really aren't that big of a bank yet. Our compliance, audit and IT are separate departments. Are you the privacy officer also? We may have to go to the local milliner and purchase some more hats.

Thanks!

#83568 - 05/30/03 07:10 PM Re: Information Security Officer duties
Princess Romeo
Power Poster
Joined: Jun 2001
Posts: 8,272
Where the heart is
We have not specifically designated a "Privacy Officer", but as Compliance Officer, the Privacy regs come under my job description.

We do not have a very complex corporate structure either. I report to the CCO/Risk Manager. The IT Manager reports to the CFO. But it is understood that this area (as well as BSA) encompasses all of the Bank.
_________________________
CRCM, CAMS
Regulations are a poor substitute for ethics.
Just sayin'

#83569 - 05/30/03 08:32 PM Re: Information Security Officer duties
Anonymous
Unregistered

Thanks - I assume CCO is Corporate Compliance Officer?

#83570 - 05/30/03 10:03 PM Re: Information Security Officer duties
Princess Romeo
Power Poster
Joined: Jun 2001
Posts: 8,272
Where the heart is
Quote:
I assume CCO is Corporate Compliance Officer?

Oh dear, No! CCO = Chief Credit Officer. Yes, I report to the Chief Credit Officer which is not an optimal situation for a compliance program, but as long as he sees things my way, so does everyone else! And if he doesn't, that usually only lasts until our Internal Audit company says otherwise, or an examiner corrects him.
_________________________
CRCM, CAMS
Regulations are a poor substitute for ethics.
Just sayin'

Moderator: Andy_Z