Information Sec Officer Bank

Technology and Digital
Westfield Bank, FSB
210000DQ Requisition #

Location: Seville, Flexible Work Arrangement Available


From its humble beginnings since its founding in 2001, Westfield Bank has become one of the leading financial institutions in Northeast Ohio. Recognized by North Coast 99 and the Plain Dealer as a Top Workplace with a Five-Star Superior rating from BauerFinancial, the bank provides comprehensive personal, business, and agency banking products and services. Supported by Westfield Insurance, one of the nation’s 50 largest property and casualty insurance groups, Westfield Bank has grown to manage almost $2 billion in assets. The group’s motto is “Sharing Knowledge. Building Trust.” – a message and commitment lived out each day by employees across the country. 


The center of the bank’s business model revolves not around profits or numbers, but through personal relationships and close contact with its customers. All Westfield companies stress the importance of hiring quality employees, as well as developing them and empowering each employee to be the best they can be, both in their work and in their life. As an employee of Westfield Bank, you will have the opportunity to not only create peace of mind for our customers, but to grow your career in one of the best workplaces in Northeast Ohio.


Westfield offers a Total Rewards program that focuses on compensation, benefits, and wellness and includes perks like 401(k), pension plan, annual incentive, education reimbursement, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield Bank. To learn more about Westfield Bank and the opportunities available, please visit us at


Information Security Officer Bank Job Summary 
The Information Security Officer, working under minimal supervision, will develop and administer the bank-wide information security program. The Information Security Officer (ISO) will establish policies, procedures, and guidelines to ensure information and assets are adequately protected. The ISO will identify, develop, implement, and maintain controls and processes across the Bank to mitigate the risk of internal and external threats to information assets and technologies. This role will oversee the Bank’s information security incident response program, the Information Security Oversight Committee (ISOC) activities, and will establish appropriate standards and controls in accordance with established policies and procedures. 
The Information Security Officer is also responsible for identifying and monitoring information security risks across the Bank in accordance with FFIEC guidance and Bank policies. 


Essential Functions (primary functions and/or reasons the job exists in order of importance)

1. Develops, administers, and maintains an Enterprise wide Information Security program (e.g., oversight committee, policies, procedures).
2. Conducts and coordinates reviews and audits of internal systems to ensure the security and confidentiality of records and information to protect against any anticipated and unanticipated threats or hazards to the security or integrity of such records. 
3. Directs and protects against unauthorized access to or use of confidential records or information which could result in substantial harm or inconvenience to any customer or the Bank.
4. Designs, establishes, maintains, and monitors security policies and procedures which promote the secure and uninterrupted operation of all information technology systems. Reviews and ensures compliance with policies and procedures. 
5. Remains current with the threat landscape for the industry; ensures compliance with the changing laws and applicable regulations; translates that knowledge into identification of risks and actionable plans to protect the business. 
6. Directs the evaluation of complex security systems according to industry best practices or regulatory guidance to safeguard internal information systems and databases. 
7. Chairs the Information Security Oversight Committee.
8. Designs training materials for and ensures completion of computer and information security education and awareness programs. 
9. Defines and reviews security requirements and subsequently reviews complex systems to determine if they have been designed and established to comply with required standards. 
10. Identifies security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives.
11. Responds to security violations and initiates corrective actions. Leads investigations for incidents related to security violations and breaches and recommends solutions; prepares reports on intrusions as necessary and provides analysis summaries to management. 
12. Collaborates with bank IT department and personnel on various projects and initiatives as needed.
13. Ensures adequate risk and compliance due diligence in review of vendor relationships and contracts including ongoing monitoring. 
14. Develops, implements, enforces, and communicates security policies and/or plans for data, software applications, hardware, and telecommunications. 
15. Identifies and monitors information security risk in accordance with FFIEC guidance by performing logical/physical risk assessments, including the identification and evaluation of potential threats and vulnerabilities that could impact the Bank’s information, applications or infrastructure and recommends mitigating controls to reduce the Bank’s risk profile in regards to confidentiality, availability and integrity of information assets.
16. Promotes information security awareness through education programs or campaigns. Assists with or leads training activities that promote the information security program and the security incident response process to all levels of the organization.
17. Facilitates exercises and tabletops to validate and improve the performance of the information security incident response plans and processes. 
18. Helps coordinate and collaborate on periodic systems vulnerability assessments including those related to social engineering.
19. Identifies and tracks metrics and scorecards that represent the current state of the Bank’s information security program based on expectations determined by the ISOC.
20. Investigates and reports information security related risk incidents and potential suspicious or fraudulent activity to the BSA Officer. Assists with case investigations, as necessary. 
21. Works proactively to establish and maintain good working relationships with the Bank’s internal/external IT teams and service providers to ensure compliance with all requirements and to maximize service provider relationships. 
22. Provides assistance to internal and external auditors/examiners for information security related audits and findings.
23. Participates in activities with the Legal Department involving e-discovery data collection tasks, coordinating information security investigations, coordinating computer forensics activities and the organization and presentation of electronic forms of evidence. 
24. Contributes to the development of policies or procedures in collaboration with the Risk Management and Compliance Officer, General Counsel, and BSA Officer, particularly when there are changes in the legal or regulatory environment. 
25. Maintains awareness, understanding and compliance with the Bank’s internal policies and procedures, laws and regulations appropriate for this position. 
26. Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.


Desired Qualifications/Experience/Certification/Education (in order of importance)
1. 5 or more years of demonstrated information security experience. 
2. Certification in one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or other equivalent certifications. 
3. Understanding of current information security techniques and technologies as well as the methods used in performing risk analyses and assessments. 
4. Bachelor’s Degree in Computer Science, Information Systems or related technical field or commensurate experience.
5. Skill with office automation tools including the Microsoft Suite of Tools.
6. Excellent oral, written and interpersonal skills, resulting in the ability to interact with all levels of management, employee population, and vendors.
7. Ability to understand and communicate effectively with executive and senior leadership regarding regulatory expectations associated with information security requirements.
8. Ability to provide after-hours/ weekend support on a required rotational basis. 
9. Valid driver’s license and a driving record that conforms to company standards.


Physical Requirements (specific to the role)    
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. 
• Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time).
• Ability to communicate effectively in a collaborative work environment utilizing various technologies such as:  telephone, computer, web, voice, teleconferencing, e-mail, etc.
• Ability to respond to emergency service calls at any time outside of normally assigned work hours.
• Ability to travel as required.


This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.


We are an equal opportunity employer/minority/female/disability/protected veteran.



Applications for positions posted on Westfield Careers must be filed on-line through the Westfield Careers portal.  If you are a disabled person who requires a reasonable accommodation to complete an online application, please contact HR Assist by email at

We are an equal opportunity employer/minority/female/disability/protected veteran.

Previous Job Searches

Create/Manage a Profile

When you join our Talent Community, you can choose to be alerted to new career opportunities that are a potential match for you as they become available.

My Profile

My Submissions

When you apply for individual job opportunities, you can keep track of them here.

My Submissions