Chief Information Security Officer
Blue Foundry Bank
About Blue Foundry Bank
This is the Bank Where Things are Made. Blue Foundry is a bank where businesses are shaped, plans are formed, ideas are refined, solutions are built, and stuff gets done. Blue Foundry is revolutionary, bold, resourceful, roll-up-your-sleeves committed, smart, creative and fun. A Bank of movers, shakers, and makers…We are a Bank that Gets Things Done.
At Blue Foundry Bank we invest in the well-being of our most prized asset…our employees! We provide a robust array of programs and benefits to help employees advance their careers and enhance the quality of their lives. Our experiential learning and development program ensures employees are on track to grow their careers from day one.
In addition, our comprehensive compensation package includes; medical, dental, and vision coverage; life insurance, short- and long-term disability insurance; 401(k)/Roth with company match up to 5%; paid time off, and 11 paid holidays; employee referral bonus; and educational
Position Summary
The Chief Information Security Officer (CISO) is responsible for developing and overseeing Blue Foundry Bank's enterprise-wide information security strategy, ensuring the confidentiality, integrity, and availability of customer and organizational data, systems, and critical financial assets. The CISO leads efforts to protect the bank from cybersecurity threats, data breaches, and regulatory risks while ensuring compliance with industry standards and banking regulations.
As the primary liaison for information security, you will collaborate with executive leadership, regulatory bodies, internal teams, and third-party vendors to maintain security operations and compliance. You will be responsible for overseeing the development and dissemination of security policies, testing and monitoring their effectiveness, and recommending improvements to align with the dynamic threat landscape.
Additionally, you will lead cybersecurity training initiatives, ensure the security and confidentiality of customer information, and oversee compliance with financial industry regulations such as FFIEC guidelines, PCI DSS, and GLBA. By managing cybersecurity budgets and building a high-performing security team, the CISO ensures effective governance of the bank's information security program, protecting its customers, assets, and reputation.
Primary Responsibilities
+ Responsible for identifying, developing, implementing, and maintaining processes across the bank to reduce information and information technology risks.
+ Oversee components of the Bank's Cybersecurity Program (IRM Program), including technological and logical controls, governance/policies, and operational procedures, and determine their adequacy and effectiveness.
+ Perform the annual review required by the Bank of the components of the existing Cybersecurity Program (IRM Program), including policies, standards, threat assessments, incident response plans, and other documents identified for periodic presentation to the Board of Directors.
+ Perform annual Cybersecurity compliance physical site review in locations required by the program.
+ Create and maintain the baseline documentation for Corporate File Management and Retention and identify procedures to support policy.
+ Direct and review data discovery, data classification and data flow analysis and provide updates.
+ Maintain and review application and system inventory and implementation of appropriate audit reviews.
+ Monitor, evaluate, and maintain the adequacy of the existing Cybersecurity Framework and procedures, and compliance with existing Cybersecurity Policies.
+ Responsible for responding to incidents, establishing appropriate standards and controls, managing security technologies, and directing the establishment and implementation of policies and procedures.
+ Monitor access to all systems and maintain access control profiles on the computer network and systems. Track documentation of access authorizations to all resources.
+ Research and investigate measures that address data security risks and potential losses for reporting purposes.
+ Provide guidance and administration for periodic end-user security-related training as needed to raise awareness and protection against phishing, malware, and other security vulnerabilities.
+ Responsible for directing and supervising vulnerability assessments and penetration tests.
+ Responsible for installing, modifying, enhancing and maintaining data system security software.
Additional Responsibilities
+ Works on determining acceptable risk levels for the bank and ensuring the IT environments are adequately protected from potential risks and threats.
+ Participates in the development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
+ Follows up on detected security issues and implements solutions to reduce security risks.
+ Regularly provides reports regarding the status of the information security program to executive management and the Board of Directors.
+ Assists in research, development, communication, maintaining and working with the operational units on the enforcement of IT security architecture, policies, procedures, solutions and standards.
+ Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
+ Facilitates and directs tabletop exercises.
+ Supports improved data security awareness and education; includes on-call availability.
+ Responsible for staying abreast of the latest industry security practices and technologies.
+ Meet with department heads to analyze, document and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions. Reviews completed roles/permissions with users to ensure requirements are fully met.
+ Delivers services that meet regulatory specifications while working with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrates overall compliance.
+ Provides guidance as needed on regulatory compliance or investigations.
+ Responsible for reviewing and evaluating the information security aspects of third-party service providers, vendors, contractors, and other suppliers who have access to company and customer information and systems, as they relate to the following:
  + New and renewal contracts: Review contracts and, as necessary, ensure they contain appropriate non-disclosure language and security commitments.
  + Performance: Ensure appropriate service level expectations are defined.
  + Reports: Review and evaluate SOC reports, regulatory reports, policies, procedures, and other documents provided.
+ Monitor and evaluate security vendor performance against contractual commitments and ensure service level agreements are met.
Position Requirements
+ Bachelor's degree in computer science or related field
+ Minimum of 8 years of progressive experience in information security and the banking industry
+ Must be able to communicate security-related concepts to a broad range of technical and non-technical staff, acting as a bridge between IT and business process owners.
+ Certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM)
+ Knowledge of computer investigation and forensics methods and technologies
+ Must have strong knowledge of regulatory compliance and best practices, including FDIC and FFIEC guidance and the PCI DSS, SOC 2, NIST, and COBIT frameworks.
+ Subject matter expert in developing and overseeing security controls in a public cloud environment (Microsoft Azure).
+ Strong knowledge of privacy and financial regulatory laws, such as GLBA and SOX
+ Must possess strong project management and leadership aptitude; demonstrated professionalism in managing multiple projects and resources effectively.
+ Experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
+ Outstanding communication skills - must be proficient in communicating across all levels of the organization and building successful relationships.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, LGBTQ, national origin, disability or protected veteran status.
Come join the Blue Crew community and be part of our success!