CU news Logo

 Your source for the latest technology information of interest to credit unions across America.

Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

Role of the Information Security Officer

Date: Friday June 28th 10:00 am - 12:00 pm CT | Cost: $265 and 2.5 CE Credits

Role of the Information Security Officer

When it comes to information and cyber security the responsibility falls at several levels including the Board of Directors and Senior Management. The Board is to set the tone, provide the direction, approve information security policies and designate an ISO. Senior Management is to ensure the Information Security Program is developed and maintained. The ISO; however, is responsible for overseeing and reporting on the management and mitigation of information security risks across the institution and is to be held accountable for the results of the oversight and reporting. The ISO is also responsible for seeing that the information security program is implemented and satisfies the regulatory Interagency Guidelines for Establishing Information Security Standards (GLBA). While once thought to be a technology function the role was typically delegated to the IT Manager or Officer but today the ISO is to be independent of IT operations and report directly to the board, board committee, or senior management. In fact, the independence of the ISO is stated in not just one of the FFIEC IT Examination Booklets but two. The September 2016 Information Security Booklet states “to ensure appropriate segregation of duties, the ISO should be independent of IT operations staff and should not report to IT operations management”. The November 2015 Management Booklet states “the ISO should be an enterprise-wide risk management rather than a production resource devoted to IT operations.”

Covered Topics:

- Regulatory expectations
- Role of the ISO
- Typical Job Description
- Independence Mitigation Suggestions
- vISO

Who Should Attend: Board, Senior Management, Auditors, IT Management, ISO, Risk Officers, IT Committee.

Speaker: Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise. As an auditor and consultant, Susan is dedicated to assisting FIs in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist FIs in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).

Webinar 21 Paid

Enter Your Name

Enter company position

Enter institution

Invalid Input

Invalid Input

Select a State

Invalid Input

Invalid Address

Invalid Input

Invalid Input

Please select invoice method

If you are paying by credit card, please enter it below.

Invalid Input

Invalid Input

(mm/yyyy)

Invalid Input

(Found on the back of the card)

Invalid Input

Invalid Input

Select a State

Invalid Input

Role of the Information Security Officer

Get Our Free Email Newsletter

Invalid Input

Invalid Input

Invalid Input

Invalid Email Address