Middlesex Savings Bank

Risk Manager

Location US-MA-Westborough
Posted Date 4 months ago (11/7/2017 4:18 PM)
Req #
Risk Management - Information Security
Position Type Full Time
Standard Working Hours Monday - Friday 8:30am - 5:00pm


Reporting to the Information Security Officer, the Risk Manager is responsible for assisting the Information Security Officer with maintaining and continually enhancing the Bank’s information security and vendor management programs.  In particular, responsibilities include the development, coordination, implementation, governance, and ongoing management of enterprise-wide policy and controls.



  • Utilize industry experience and knowledge to provide expertise and support to ensure the Bank’s information security program remains in compliance with applicable standards and regulations, including evolving data privacy regulations.
  • Adhere to and enhance control testing processes to ensure that information security, risk, and vendor management policies are followed.
  • Assist with the management of cyber security compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber risk.  Assist with completion and maintenance of the Bank’s FFIEC Cybersecurity Assessment Tool.
  • Perform assessments of the current information security and vendor management framework and develop guidance that addresses gaps.
  • Assist with development, evaluation, and adherence to vendor management, risk, and information security policies, standards, and procedures.  Socialize policy & control recommendations to stakeholders across the enterprise in order to gain acceptance.  
  • Support the completion of risk assessments of business processes and products to ensure that they align with Bank policies and objectives.
  • Participate in information security, vendor management, and risk related projects and initiatives. 
  • Collect and review vendor due diligence materials in line with GLBA and TSP regulatory guidance.
  • Assist with tracking and resolution of internal audit and examination findings related to risk, information security, and vendor management.
  • Maintain and effectively utilize the Bank’s Enterprise Risk Management Software System.



  • Bachelor’s degree and 3-5+ years of experience in Bank-specific information security, risk, and/or audit areas.
  • Comprehensive knowledge of technology auditing process, GLBA compliance requirements, and technology risk assessments.
  • Working knowledge of applicable laws, regulations, and standards relating to security and data privacy.
  • Knowledge of bank operations and bank technology applications.
  • Effective communicator, relationship builder, and advocate for sound risk mitigation practices.
  • Strong organizational skills.

Middlesex Savings Bank is an EOE AA M/F/Vet/Disability employer



Search Firm Representatives, Please Read Carefully: Middlesex Savings Bank does not accept unsolicited resumes from search firms for this or any employment opportunity.


