Assistant Information Security Manager
First Commonwealth Bank

**Although position is Telecommuting Eligible, candidates must reside in PA or OH.

Assists in management of the Information Security Department. Provides mentorship to team members and assist with projects as needed. Works closely with Information Security Manager to define goals, responsibilities, and priorities of team members. Manages Information Security related projects and monitors established controls. Liaison for all internal and external audit/regulatory communications.

Documentation and oversight of new and existing regulatory and standard framework compliance. Ex. ISO, NIST, FTC, CFPB and other cybersecurity risk related items as needed.

Provides oversight of Information Security Program reviews and daily processes. This includes annual reviews of user access to various systems/processes and daily reviews of system alerts and anomalies. Completion of risk assessments including third party and new products.

Essential Job Responsibilities____________________________________

1. Information Security Manager backup responsibilities including monitoring of individual and team goals, provides mentorship to group.

2. Develops and monitors daily Information Security tasks including monitoring of security alerts and anomalies and change management processes.

3. Documentation and oversight of new and existing regulatory and standard framework compliance. Ex. ISO, NIST, FTC, CFPB and other cybersecurity risk related items as needed.

4. Oversight of security program reviews (annual reviews of items such as SQL access, FTP access, privileged access, etc.)

5. Works closely with other departments to implement and maintain security controls.

6. Acts as liaison for all internal and external auditor/regulatory communications and responsible for gathering of requested data.

7. Identifies emerging threats and risks, provides recommendations to mitigate.

8. Manages Information Security related projects.

9. Completion and oversight of risk assessments including third party and new products

10. Serves as relationship manager for third party vendors providing Information Security services.

11. Assists in development and monitoring of Information Security controls, processes, and technologies.

12. Position may require non-traditional working hours to support projects. Provides 7x24 on call support as necessary.

Bona Fide Occupational Qualifications_____________________________

1. Bachelor's degree in information systems or a related field of study, or equivalent in work experience required.

2. A minimum of seven (7) years' IT experience required. Previous management experience preferred.

3. Strong understanding of network architectures, network security devices such as firewalls, application security controls, Windows operating systems, DLP solutions, SIEM technologies, and Active Directory required.

4. Understanding of cybersecurity risks and threats required.

5. Experience working with regulatory standards required.

6. Working knowledge of industry regulatory requirements and best practice, including ISO and NIST preferred

7. Excellent oral and written communications skills required. Project management experience a plus.

8. Degree or certifications in Information Security or Audit related studies required (CISSP, GIAC, CISA, CISM)

9. May be eligible for Telecommuting.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)