Vp, Information Security Assurance & Response

The VP position is responsible for the engineering, operation, monitoring, and continuous improvement of Information Security processes and systems that protect the Bank’s data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism.

This is a key leadership role with direct responsibility for security monitoring and incident response, application and development security, forging excellent working relationships with IT development and infrastructure teams, partnering with business unit leaders to enable secure facilitation of supporting technologies, and helping the overall organization meet its business goals and regulatory obligations.

Essential Functions:

Key responsibilities include:

• Develops and implements security strategy, policies, procedures, technical controls, and plans to enable and protect business services, technology infrastructure, and applications with appropriate and reasonable controls.
• Develops, trains, and leads Information Security programs, including security incident response, security event monitoring, physical security, secure systems development practices, application data and cloud security, and penetration testing.
• Leads, supervises, and works with staff to sustain security and data privacy goals while developing leadership skills and mentoring management staff.
• Partners with IT teams, business operations, and product teams to educate, align, and/or incorporate cybersecurity controls within internal, vendor, and cloud-based infrastructures to reduce threat vectors, ensure data privacy protection controls, minimize incident response times, and enhance security detection parameters.
• Partners with sales and account management teams to facilitate security and compliance transparency with partners and customers, ensuring the market is equipped to trust the company as their service provider and partner.
• Incorporates experienced audit and compliance control knowledge across multiple regulatory frameworks and industry practices.
• Achieves and sustains compliance success in coordination with other security teams, IT operations, and business units across multiple regulatory, internal, and client Information Security and data privacy audits.
• Stays current on industry developments to identify emerging security technologies, risks and trends to ensure our systems keep pace with security technology and risk landscape evolution.
• Demonstrates technical security knowledge and skills to administer cybersecurity strategy and achieve security transparency to business units, executive management, and the Board.
• Performs other duties as assigned.

The VP, Information Security is also responsible to council with, support, and assist leaders of other security and IT functions as needed:

• Infrastructure and Access Control - Identifies and facilitates resolution of vulnerabilities; defines and maintains controls for identity & access management, endpoint protection, data loss prevention, network, data storage, and cloud infrastructure.
• Security Risk & Program Management - Assesses and advises technology and business groups by identifying, prioritizing, managing, and reporting security risk.
• General IT Infrastructure and Operations teams

Compliance with Laws & Regulations: 

• Responsible for complying with all of the Bank’s internal control policies and procedures.
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

Education and Experience:

• Bachelors’ degree in computer or cybersecurity-related studies is required.
• Ten (10) years’ experience as a cybersecurity or data privacy technical practitioner is required.
• Seven (7) years’ experience leading technical security teams within Information Security programs/offices
• Five (5) years’ experience working in an executive or strategic leader/managerial role over technical teams is required.
• CISSP certification; other GIAC, ISC2, or other recognized certifications is preferred.

Summary of Qualifications:

• Familiarity highly-regulated industries, and specifically the banking industry (including FDIC regulations) is preferred.
• Experience leading cybersecurity programs, including the following operations: vulnerability management, security risk management, penetration testing, malware analysis and digital forensics, security engineering and toolset orchestration, web application security principles, code static and dynamic scanning applications
• Experience with, and strong knowledge of, modern security technologies (e.g. SIEM, EDR/EPP, AV, DLP, SaaS security architecture)
• Experience and technical familiarity with the following data privacy and Information Security global compliance frameworks:  GLBA, PCI-DSS, NIST, ISO 27001
• Experience managing a team of direct and indirect reports in multiple geographic locations
• Experience in all phases of HR including benefits, training, employee relations, candidate evaluation practices and methods, etc.
• Positive, inquisitive, can-do attitude.
• Outstanding troubleshooting and problem-solving skills.
• A strong bias towards automation and innovative thinking
• Demonstrated leadership skills, including strategic planning and guiding a team to successful execution
• Demonstrated skills building cross-functional partnerships with teams outside of security to accomplish security objectives, improve awareness and gain stakeholder buy-in
• Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
• “White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
• Excellent communication skills, both written and oral.
• Comfortably perform well under pressure, willingness to own results, and deliver on commitments and deadlines.
• Passion for cybersecurity and technology trends, news, and hacking techniques.