JavaScript seems to be disabled in your browser. For the best experience on our site, be sure to turn on Javascript in your browser.

OnDemand Webinars

The Role of the Information Security Officer

Who should really be the Information Security Officer? What does it mean to be the Information Security Officer today? When it comes to information and cyber security, the responsibility falls at several levels including the Board of Directors and Senior Management.

OnDemand

Recorded Thursday,
June 1st, 2023

Presented by Susan Orr

1h 30m total length

$279.00 or 1 Token

70BWUS236251G

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

Available Upgrades i To upgrade your registration:

Add a webinar to your cart.

Select the desired upgrade(s).

12 Months OnDemand Playback
12 Months OnDemand Playback
- Extend your OnDemand playback access from 30 days to 12 months
$110.00
12 Months OnDemand Playback + Digital Download
12 Months OnDemand Playback + Digital Download
- Extend your OnDemand playback access from 30 days to 12 months
- Plus, get a digital copy of the OnDemand recording
$140.00

Topics

Information Technology/Security
Risk Management/Legal
Technology/Security

Roles

Board Member
Compliance Officer
Human Resources Officer
Internal Auditor
IT Professional
Security Officer
Senior Management
Trainer

Subscribe & Save on Webinars

Save on annual training costs with our Webinar Subscription Service and share webinars across your entire organization.

Become a subscriber

The Board is to set the tone, provide governance, approve information security policies and designate an ISO. Senior Management is to ensure the Information Security Program is developed and maintained. The ISO, however, is responsible for overseeing and reporting on the management and mitigation of information and cyber security risks across the institution and is to be held accountable for the results of the oversight and reporting. The ISO is also responsible for seeing that the information/cyber security program is implemented and satisfies the regulatory Interagency Guidelines for Establishing Information Security Standards (GLBA). While once thought to be a technology function the role was typically delegated to the IT Manager or Officer but today the ISO is to be independent of IT operations and reports directly to the board, board committee, or senior management. In fact, the independence of the ISO is stated in not just one of the FFIEC IT Examination Booklets but two. The September 2016 Information Security Booklet states “to ensure appropriate segregation of duties, the ISO should be independent of IT operations staff and should not report to IT operations management”. The November 2015 Management Booklet states “the ISO should be an enterprise-wide risk management rather than a production resource devoted to IT operations”.

What You'll Learn

Who Should Attend

Board, Senior Management, Auditors, IT Management, ISO, Risk Officers, IT Committee.

Susan Orr

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).

Print this page