
Cybersecurity Oversight At Northfield

Northfield Bank (the “Bank”) maintains an Information and Cybersecurity Program under the leadership of our Chief Risk Officer, Chief Information Officer, and Chief Information Security Officer, with timely Board oversight.  

The framework for our Information and Cybersecurity Program includes:

  • A formal Information Security Program, policy and procedures that are updated and approved by our Board of Directors, led by the Bank’s Chief Information Security Officer.
  • An enterprise risk management program that incorporates information and cybersecurity concerns into routine managerial decisions and risk assessments, as well as internal audits of all related business functions.
  • An annual information security training and awareness program for all employees and directors, emphasizing the importance of customer and data privacy and protection.
  • The Board of Directors has delegated oversight responsibilities to its Compliance and IT (CIT) Committee. The Board receives Information Security Program updates from the CIT Committee at all of its regular meetings.  
  • The CIT Committee:                           
    • Is comprised entirely of independent, experienced directors;
    • Maintains appropriate member experience in cybersecurity oversight through a combination of work-life experience, training, and banking industry association involvement;
    • Engages an independent external cybersecurity consultant to provide guidance and expertise to assist the committee in its cybersecurity oversight. The independent external cybersecurity consultant provides the CIT Committee with periodic reports, normally quarterly, that include, among other things, an evaluation of the Bank’s Information Security Program, strategic information technology plan, staffing adequacy, emerging cybersecurity risks and mitigation techniques, and best practice recommendations. The CIT Committee evaluates the performance of its independent consultant on an annual basis, prior to appointment/reappointment;
    • Performs an annual assessment of its effectiveness, including its oversight of cybersecurity, and makes a report for review, evaluation and acceptance by the Nominating and Corporate Governance Committee of the Board, with further reporting to the Board;
    • Holds management accountable for ensuring appropriate internal controls are in place to govern Information and Cybersecurity, to ensure such risks, existing and emerging, are appropriately identified, mitigated and monitored to reduce exposure.

Oversight includes

  • Receiving timely periodic reports, normally quarterly or more frequently as necessary, from the Chief Information Officer, Chief Information Security Officer and Chief Risk Officer on technology and information security matters, including:
    • Standards and methods utilized to identify and mitigate information security risks, including the Bank’s consideration of the National Institute of Standards and Technology cybersecurity framework and the Center for Internet Security Controls;
    • Current and emerging cybersecurity risks and controls;
    • Information Technology and Information Security Staffing assessments;
    • Strategic technology plan update;
    • Information and cybersecurity employee training programs and employee cybersecurity testing results and related employee remediation, as necessary;
    • Customer cybersecurity education and awareness initiatives.
  • An annual review of the Bank’s cybersecurity insurance policy coverage limits, retentions and premium;
  • Review of independent third-party audit reports on information technology and cybersecurity, including internal and external penetration testing, and monitoring of remediation, as appropriate.