Chief Information Security Officer

Job Summary:

The Chief Information Security Officer (CISO) leads the Information Security (Infosec) program and daily functions of the company and is responsible for defining the cybersecurity strategy for the organization to manage risk, protect client data and company resources. The Infosec team manages the following areas: Information Security Operations, Cyber Defense, Data Protection, Identity and Access Management, Information Security Architecture, along with operational Infosec governance responsibilities such as Risk Assessments, external reviews and audits, regulatory compliance, and associated IT policies, procedures and documentation. The CISO will work with business and IT leaders to provide and maintain solutions which meet business and technical requirements by applying new and existing security technologies and solutions to solve business needs.

Essential Job Duties

• Establish and maintain the enterprise vision, strategy, and program to ensure information assets, technologies, and data are protected.


• Define and administer the strategies and polices associated with Information Security.


• Ensure the adequacy of security measures to protect the company's information systems to meet business needs and satisfy regulatory requirements and guidelines.


• Provide oversight of the team performing Information Security Functions including log monitoring, threat analysis, vulnerability management, impact analysis, and recommend action or remediation plans.


• Review and monitor risks related to Outsourced Service Providers to ensure compliance with bank and regulatory requirements.


• Develop training and awareness to support information security objectives at various levels throughout the company.


• Work closely with IT Management to ensure implementation of appropriate IT controls, processes, procedures, systems, and security technologies.


• Work closely with Enterprise Risk Management and the Technology and Operations Governance, Risk and Compliance teams for the overall company risk program.


• Participate in tactical groups, committees, teams, and other meetings as needed to facilitate the integration and recognition of Information Security into business company objectives.


• Stay current on new developments in IT risk practices, technologies, and regulatory changes and anticipate organizational modifications.


• Responsible for supporting IT Response, Business Continuity, and Disaster Recovery and other processes as they pertain to the continuity of operations for the enterprise.


• Perform the job in accordance with applicable industry laws and regulations as well as the policies and procedures established by the company.


• Responsible for upholding Fair and Responsible Banking practices and Code of Ethics and Conduct guidelines.


• Provide regular updates to the Board of Directors and Executive Management Committee concerning the Infosec Program, operational metrics and control status.


• Perform other duties as assigned.

Minimum Qualifications

• Bachelor's Degree preferred.


• 10 years of experience in a combination of risk management, information security, and IT jobs in a larger banking environment required.


• 10 years of personnel management experience; including managing professional leads and groups.


• CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.


• Must possess in-depth understanding of Information Security, IT Regulatory Requirements, Risk Assessments, Access Management, Change/Configuration Management, Governance, Problem/Incident Management, Awareness and Training Programs.


• Must possess working knowledge of IT Frameworks such as NIST, CIS, COBIT and ITIL.


• Must possess strong verbal/written skills and the ability to effectively interface with internal business clients, operations teams, technical engineering teams, internal audit, regulators, senior management, executive management, and the board of directors.


• Must be a self-starter with the ability to work independently and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail.


• Analytical problem-solving skills and the ability to evaluate areas of non-compliance and associated risk implications to the business.


• Ability to motivate and manage employees to produce quality products and services.