The focus on information security is not just a passing phase: we have seen it sustained over the past couple of years, and it continues to grow. So you can now begin to place yourself in a position to become that ideal security professional as this role evolves and expands. This is especially true for banking and financial institutions, where information security plays a critical role because banks are committed to the security of their customers' financial and personal information. Financial institutions also have to abide by privacy, customer trust and information security laws and regulations, which have increased significantly in the past 5-6 years. Additionally, the risk of financial loss and security breaches is on the rise, and steps need to be taken to address these very significant security issues plaguing the banking industry in particular.
The global environment in which financial institutions now operate brings with it a whole new set of challenges. Details of breaches publicized this year suggest that financially motivated, targeted attacks are increasing and that the criminal profile is shifting from random, disorganized hackers to well-funded organized crime groups. As threats to financial institutions widen from technical and infrastructure threats to those affecting applications, data and people, the role of new security functions is also evolving from being IT-focused to becoming a business-centric issue.
Data leakage/loss (the TJ Maxx incident) has exposed deeply grounded and long-term problems in the way financial institutions have been managing their sensitive customer data. Identity theft is typically associated with credit card and mail fraud. New methods, such as spear-phishing (targeted and convincing email attacks), are constantly emerging. Advanced versions include the use of phishing and pharming (persuading people to disclose sensitive information through phony emails and web sites) and the use of malicious spyware and hacking to obtain sensitive information.
This brings us to the heightened need for an effective information security practitioner in a bank or a financial institution.
Who is an effective security practitioner at a bank? Let us look at a sample information security officer job description, with its roles and responsibilities, and the ideal background required for this challenging position.
Sample Job Description:
This is a senior security officer position in a financial institution reporting directly to senior management. The senior security officer oversees and coordinates security efforts across the bank, including departments such as information technology, human resources, communications, legal, finance management and other groups, and identifies and establishes security initiatives and standards throughout the organization. The information security officer is responsible for planning, directing and coordinating the bank's information security policies, and for setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded throughout the bank and are in compliance with the privacy, customer trust and information security laws and regulations applicable to financial institutions. The senior security officer is responsible for working with key individuals throughout the organization to develop business cases for new security projects and to assess the risk of existing and planned information systems.
Additionally, the information security officer is responsible for providing leadership as well as ensuring the technical and administrative support for the development of Disaster Recovery and Business Continuity programs for the bank. Direct reports will include security engineers/analysts and other technical staff members.
An information security officer should approach their role determined to make a difference to the business they are supporting. This advice comes from someone who knows how to make a difference: Steve Katz, who was the first Chief Information Security Officer (CISO) of a major financial institution, Citigroup, back in the mid-1990s. "There is not a better, more exciting, more uplifting career that you could possibly have than the one you have in information security," Katz said, making the information security career path an easy choice. He added, "The people who do information security for a living are dedicated, committed and generally passionate about what they do, and they recognize that they are making a difference."