Responsible for determining enterprise information security standards and compliance with the requirements of the Gramm-Leach-Bliley Act. Responsible for the adequacy of and monitoring of information security within the organization. Analyzes information security systems and applications, recommends security measures to protect information against unauthorized modification or loss. Oversees the institution’s Business Continuity and Disaster Recovery Plan and documentation. Coordinates the development of policies, procedures and guidance to establish, implement, maintain and oversee HarborOne’s Information Security Program, which includes the requirements of the Gramm-Leach-Bliley Act. Monitors user access controls for all applicable bank systems. Acts as primary vendor liaison responsible for maintaining vendor relationship, contracts, contact information and keeping up-to-date on vendor initiatives, as they pertain to IT security and Disaster recovery. Responsible for the overall strategic development, evaluation, and enhancement, of the Vendor Management Program, its policies, processes, best practices and tools used to direct the vendor lifecycle from selection to contract expiration.
Performs related and unrelated duties as may be required.
Bachelors degree or its equivalent in technology field with specialized training in information security, business continuity planning and network operating systems as well as exposure to project management, computer operations, TCP/IP, security systems (firewalls, and other hardware or software), technology planning, risk management and network administration. Must have solid grasp of current technologies and security initiatives. Relies on extensive experience and judgment to plan and accomplish goals. Strong project and time management, problem solving and communication skills required. Security and BCP certifications recommended. Attendance in office during normal business hours (at minimum) may be required in order to effectively coordinate with multiple departments, projects and outside entities.