Hilltop Holdings Inc. (NYSE:HTH) is a Texas-based diversified financial holding company specializing in banking, mortgage origination, and financial advisory through its wholly owned subsidiaries, PlainsCapital Bank, PrimeLending, and HilltopSecurities.
Hilltop Holdings is looking for a Director of IT Security who will be responsible for designing, implementing, operating, and maintaining an enterprise-wide Information Security Program to ensure that:
- Policies and standards are designed to meet the Company's objectives;
- Data is protected in accordance with Company policy and regulations;
- Employees are security-aware through training and simulations;
- Security controls are embedded into technology and business solutions; and
- Security vulnerabilities are assessed and remediated in a timely manner.
This is a senior information technology management position in the Company, with authority to make decisions on major information security issues affecting the enterprise. This role will define, drive, and govern key aspects of information security including security awareness, data protection, vulnerability management, and security configuration compliance.
The Director of IT Security will report directly to the Company's Chief Information Officer. This role will partner cross-functionally with business stakeholders within Hilltop Holdings and its subsidiaries: Hilltop Securities, PlainsCapital Bank, and PrimeLending.
The Director of IT Security will be a member of Hilltop Holdings' Information Security leadership team. This role will provide strategic and operational leadership to the Information Security department, which establishes, supports, and continuously improves enterprise Information Security technology, policies, practices, and standards. As an Information Security leader, the role will also serve as a Business Information Security Officer (BISO) for one or more of Hilltop's lines of business.
Essential Functions
(IT SECURITY)
- Develop the Company's security policies, standards and configuration baselines
- Serve as an internal security consultant to the organization, advising the organization of current security and technology practices
- Assess security risk associated with web application and infrastructure vulnerabilities
- Administer the security awareness & training program for all employees
- Conduct security assessments of new products and services in support of the Project Management Office
- Conduct security assessments of vendors in support of the Vendor Risk Management program
- Monitor and ensure systems conform with the Company's security configuration baselines
- Provide governance and oversight to the Company's architecture review process from a technical security perspective
- Ensure business stakeholders and employees understand their security responsibilities
(BUSINESS INFORMATION SECURITY)
- Work with the business and across Technology to ensure a solid understanding of Information Security requirements and identify current and/or potential security risks
- Collaborate with business leadership to prioritize Information Security initiatives based on business need and cost / benefit / risk analysis
- Develop and maintain a thorough knowledge of the supported business units to ensure provision of proper guidance in the use of technology to meet their short and long-term needs
- Collaborate with other information security and IT leaders to develop, implement, and drive security strategies, solutions, methodologies and/or policies to strengthen the effectiveness of the Information Security program
(ADMINISTRATIVE)
- Plan staffing levels; work with Human Resources to recruit, interview, select, hire and employ an appropriate number of employees
- Coach, mentor and develop staff, including overseeing new employee onboarding and providing career development planning and opportunities
- Manage the overall operational, budgetary, and financial responsibilities and activities of the department
- Make strategic business decisions that are financially responsible, accountable, justifiable, and defensible in accordance with organization policies and procedures
- Strategic partnering and communication with internal and external contacts (including senior leadership levels) as necessary to ensure expectations and timelines are met
- Other duties as assigned or required
- Bachelor's degree in Business, Computer Technology or Information Security required
- IT Risk and/or Information Security certifications, such as CRISC, CISSP, CISM, preferred
- Minimum 10 years proven and progressive experience with information security, IT management and/or IT governance
- Minimum 5 years management experience required, including demonstrated success in leading information security and/or technical teams
- Broad technical background including application development, enterprise networking, operating systems, data management, cybersecurity, and cloud computing
- Strength in building partnerships; working collaboratively in a matrix organization
- Excellent strategic thinking, business acumen, and accountability
- Ability to establish strategic technical direction, translate concepts into actionable implementation plans and identify technologies that improve productivity
- Excellent communication skills, both verbal and written
- Displays excellent time management, organizational and problem-solving skills
- Excellent interpersonal and conflict management skills and the ability to handle delicate situations with diplomacy and tact
- Ability to work well under pressure and meet deadlines
- Demonstrated excellent analytical skills and strong detail orientation
- Demonstrated judgment and decision-making ability, with the ability to negotiate and influence decision making
- Excellent PC skills, including Microsoft Office Suite
The above statements are intended to describe the general nature and level of work being performed by individuals in, or assigned to, the above position and are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required, and may be changed at the discretion of the Company.
Employment Type: FULL_TIME