Information Security Manager

River Run Services
1 day ago
Full-time
On-site
Haverhill, Massachusetts, United States
$98,940 - $143,460 USD yearly
Security/Public Safety- Police & Fire Safety
Description

River Run is a shared services organization that supports banking affiliates, Newburyport Bank, Pentucket Bank and Rollstone Bank & Trust.   


The Information Security Manager (ISM) is responsible for safeguarding the organizations’ information assets and technologies as well as managing its information security strategy in compliance with regulations and applicable frameworks. The ISM works closely with the Chief Enterprise Risk Officer to develop, implement, and maintain the information security program and align the program with the organization’s strategic plan, risk appetite and overall key objectives. 


This role features a hybrid work model that blends in-office collaboration three days a week with the flexibility to work from home two days a week.  


Essential Job Functions

  • Continually designs, executes, manages, and improves the enterprise’s information security program including policies, procedures, daily activities, reporting, monitoring, and training of key stakeholders. 
  • Manages the information security analyst(s) to support the overall information security program. 
  • Recommends/establishes risk-based administrative and technical controls to protect the confidentiality, integrity, and availability of sensitive information and information technology resources.
  • Completes assessments to determine compliance with applicable laws and regulations including but not limited to a ransomware assessment, a GLBA assessment, and an artificial intelligence assessment.
  • Oversees the security-related activity managed by the organization’s Managed Service Provider.
  • Assesses, manages, and controls risks associated with electronic data processing, ensuring incidents and anomalies are promptly identified, addressed and remediated.  
  • In collaboration with Operational Risk Management, helps develop and maintain the Information Security Incident Response Program, Cybersecurity Response, and Business Continuity Response.
  • Prepares and presents to board level Joint Risk Committee and the management level Technology and Information Security Committee including but not limited to reports, risk assessments, program recommendations and updates, and policies as needed.
  • Designs Information Security awareness training and social engineering testing for all employees. 
  • Manages information security related incidents which may require coordination with the Bank’s insurance agency, legal counsel, and other third parties assigned to assist with the incident.
  • Reviews and approves all reports containing non-public personal information requested from the core system.
  • Serves as liaison and support for audits and examinations including issuing responses related to information security.
  • Manages the third-party assessments engaged by Risk Management for internal vulnerability and external penetration tests. Supports the third-party assessments engaged by Internal Audit.
  • Guides the Information Security Analyst(s) and operational risk team members completing IT Risk Assessments, System and Organization Controls reports, and other information security related tasks.
  • Prepares and presents the annual Information Security training to each bank board. 
  • Other duties as assigned.
Requirements

Qualifications, Experience, and Education

  • Minimum undergraduate degree, or equivalent combination of education and experience.
  • 10 years of experience or more in the banking industry.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or similar certification highly preferred.

River Run Services, LLC is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, ancestry, national origin, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing or service in the military.


If you are an individual with a disability and require a reasonable accommodation to complete the application process, you may contact Human Resources at hr@riverrun.com or call 978-462-3136.


The salary range represents an estimate based on market data for this position. Final compensation decisions are made based on experience, skills, and internal equity to ensure fairness and consistency across our organization.  
