Hello, I am looking for feedback from other financial institutions regarding the management of Information Security. If anyone could provide responses to the following questions for comparison purposes I would greatly appreciate it.
1. Is Information Security separate from Technology Services? 2. Does your institution have an Information Security Officer? - where information security is the only title and the only responsibility? 3. What are the duties/responsibilities of the Information Security Officer? Can you share a job description? 4. Who does the Information Security Officer directly report too? 5. What is the asset size of your financial institution? (for comparison purposes)
1) Yes. Our ISO is part of the Risk Department 2) Yes- ours handles vendor management also 3) all ISO responsibilities and training 4) To the Senior Risk Officer 5) A little over $1 billion
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell