IT Institute

Cybersecurity Square

IT Institute

Nov 3 - Nov 6, 2025 | In-Person Institute

This course is designed for banking professionals who seek to enhance their understanding of IT governance, cybersecurity frameworks, vendor management, and emerging technologies within the financial sector.

Participants will gain insights into the principles and practices that ensure effective management and control of IT resources. Through a series of focused sessions, the course covers essential topics such as IT governance, regulatory expectations, data governance, vulnerability management, emerging technologies, and incident response strategies. Real-world case study and interactive sessions will further enhance participants' ability to apply the learned concepts to their own organizations.

Learning Objectives

  • Understand the principles and practices of IT governance and its importance.
  • Explore various frameworks and understand applicability within your organization.
  • Gain insights into effective vendor management strategies, including due diligence and best practices.
  • Learn about vulnerability management, including classification, prioritization, and mitigation of IT system vulnerabilities.
  • Develop skills in managing user access, identities, roles, and permissions to ensure robust security and compliance.
  • Acquire knowledge on data governance and IT asset management.
  • Gain knowledge over emerging technologies such as Artificial Intelligence (AI), automation, and Fintech cloud computing, including key concepts.
  • Equip yourself with effective incident response strategies and participate in a tabletop exercise based on a real-life scenario.

Date
Information (Central Time unless otherwise noted)
Monday, November 3
IT governance and Board reporting

8:00 a.m. – 12:00 p.m.

This session will provide participants with an understanding of the principles and practices of IT governance. Participants will explore the policies and processes that ensure the effective management and control of IT resources within an organization. Additionally, participants will learn about regulatory expectations related to various IT and cybersecurity roles and responsibilities, while highlighting the importance of independent reviews to maintain objectivity and integrity in the ever-changing landscape of community bank IT operations.

Lunch

12:00 p.m. – 1:00 p.m.

Framework basics for IT and Cybersecurity (NIST, CIS, CRI)

1:00 p.m. – 5:00 p.m.

This session will provide participants with a broad understanding of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), the Cybersecurity Risk Index (CRI) and Center for Internet Security Controls (CIS Controls). Designed for banking professionals, this session covers the core principles and practices of each respective framework, including its key functions: Participants will learn how to implement and adapt the framework to their organization's specific needs, structuring sound cybersecurity postures, and aligning controls to regulatory compliance.

Tuesday, November 4
Vendor Management

8:00 a.m. – 12:00 p.m.

This session will provide participants with a solid understanding of the critical role your vendor management plays in the banking industry today. It will focus on the strategies, due diligence and best practices necessary to effectively manage existing and new vendor relationships. Participants will gain insights into the entire vendor lifecycle, from selection and negotiation to performance monitoring and contract termination.

Lunch

12:00 p.m. – 1:00 p.m.

Ensuring Robust and Secure IT Systems: Key Focus Areas

1:00 p.m. – 5:00 p.m.

  • Vulnerability Management
  • This session will provide participants with broad knowledge of vulnerability management. It will cover essential aspects such as identifying, classifying, prioritizing, and mitigating vulnerabilities within IT systems. Participants will learn best practices for creating and implementing effective vulnerability management programs, including patch management, and compliance with industry standards. This training will provide participants with the knowledge needed to protect their organizations against potential threats and enhance overall cybersecurity posture.

  • User Access Management
  • This session will provide participants with an overview of user access management. Participants will delve into best practices for managing user identities, roles, and permissions to ensure robust security and compliance. The session will cover essential topics such as identity lifecycle management and regulatory requirements. At the end of the session, participants will have the skills to manage user access and address risks related to unauthorized access and data breaches in financial institutions.

Wednesday, November 5
Data Governance and IT Asset Management

8:00 a.m. – 12:00 p.m.

This session will provide participants with a high-level overview of data analytics, including data available across all your systems, data flow diagrams, data strategy, and data inventory. In addition, the facilitators will help participants understand the role data plays with driving efficiencies, identifying risk and fraud, improving bank performance, and making more effective strategic decisions. Furthermore, participants will engage in real-world case studies to understand how data can drive business insights and performance.

Lunch

12:00 p.m. – 1:00 p.m.

Preparation for assessment and deploying emerging technologies

1:00 p.m. – 5:00 p.m.

This session will provide participants with a foundational understanding of Artificial Intelligence (AI), automation and Fintech cloud computing. The focus will be on key definitions, concepts, techniques, and applications. Participants will explore key cloud computing concepts, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), as well as how AI are providing benefits and risks to you institution.

Thursday, November 6
Incident Response preparation and exercise

8:00 a.m. – 12:00 p.m.

This session will equip individuals with the essential skills and knowledge necessary for effective incident response, ensuring that organizations are well-prepared to handle and mitigate incidents that may arise. In addition, this session will include a tabletop exercise taking into consideration a real-life scenario to further enhance overall preparation and handling of various aspects of the organization’s incident response plan.

Monday, November 10

10:00 p.m. – 11:30 a.m.

Certification Exam – Held via ICBA Online Portal for those enrolled in the Certified Community Bank Technology Officer (CCBTO) certification program. The certification exam will be available following the conclusion of the institute. You will be able to access and complete the exam any time after the institute adjourns. However, you must complete the exam no later than the exam time shown above. The exam is timed, and you will be allotted the same amount of time to complete the exam no matter when you choose to take it.

Note - If you do not pass the exam, you will have the opportunity to retake the exam at a future retake date. 

Pricing

ICBA Members: $2,699

Non-Members: $3,599

Non-Bankers* : $4,499

Certification Testing Fee: $500

Printable Registration Form

*Attendance may be subject to ICBA approval.


Attendance & Cancellation Policy

  • Full payment is required prior to event attendance. 
  • Registration fee is valid for only the individual registered. Each attendee must register.
  • A substitute registration will be accepted. Please notify ICBA Education if registration needs to be changed. 
  • If registration is cancelled more than 30 days prior to the event start date, you will receive a full refund. 
  • If cancellation is within 30 days prior to the event start date, 20 percent of the registration fee paid will be deducted for costs. 
  • No refunds will be issued once the bank has received event materials or after the event start date. 
  • All rights are reserved by ICBA. No recording or distribution of the content is permitted unless expressly agreed by ICBA. 

Continuing Professional Education Credit (CPE) Requirements

To receive full CPE credit for the in-person event you must meet the following requirements: 

  • Sign in daily. The sign-in sheet will be located on the registration table outside of the conference room.  
  • Attend the session in its entirety. 
  • Participate in all group activities and projects. 

* View CPE Credit Hours in the “Who Should Attend” section.  

This event is not recorded. For more information, call 800-422-7285 or email education@icba.org. 

Atlanta, GA

Hotel information coming soon!

Who should attend: Technology officers, IT managers and chief information officers.

Prerequisites: Basic knowledge of information technology.

Program Level: Intermediate

Field of Study: Specialized Knowledge

Delivery Method: Group Live

Continuing Professional Education (CPE) Credit Hours: 31

Certification Offered: Certified Community Bank Technology Officer (CCBTO)

Tim Dively
Tim Dively

Digital Growth Director

CliftonLarsonAllen, Charlotte

group avatar horizontal
Randall Romes

Principal

CliftonLarsonAllen, Minneapolis

group avatar horizontal
Kevin Villanueva

Principal

CliftonLarsonAllen, Tri-Cities (Kennewick)

group avatar horizontal
Sundeep Bablani

Principal

CliftonLarsonAllen, Austin

Code of Conduct

Registration, attendance, or participation at this event constitutes an agreement to adhere to the ICBA code of conduct and complaint policy. ICBA aims to be welcoming, safe, and inclusive to all participants, with the most varied and diverse backgrounds possible.

As such, The Independent Community Bankers of America (“ICBA” or the “Association”) has adopted a zero-tolerance policy toward all forms of unlawful discrimination and harassment.

Read Full Policy


Suitcasing Policy

Suitcasing is the act of soliciting business by non-exhibiting companies during the event or in other public spaces, including another company's booth, a convention center, or a hotel lobby. It is ICBA event management’s objective to do everything legally possible to protect its exhibitors and community banker attendees from suitcasing.

"I am new to the ISO and VM at my bank. I feel better equipped to lead my organization in the right direction in both programs. Presentation of the information was great. Instructors were very professional and conveyed their topics very well."